Cost of cyber crime
Ransomware
Stuxnet
German Steel Mill
Ukrainian power cut (not mentioned in slides)
Responsibility for insecure software
Bug bounty programs
J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, 2001.
One of the first books on the topic of Secure Programming. Still useful to understand some of the principles, although details are not current.
M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, second edition, 2003.
Another early book; this one focuses on Windows. Again highly influential and useful for reference, but not up-to-date for current use. More recent titles are available from the Microsoft Press.
B. Chess and J. West. Secure Programming with Static Analysis. Addison-Wesley, 2007.
This book introduces ideas behind static analysis tools for detecting security flaws. Written by the founders of Fortify, now a part of HP.
M. Dowd, J. McDonald and J. Schuh. The Art of Software Security Assessment. Addison-Wesley, 2007.
A lengthy book with detailed guidance on code reviewing for secure programming.
David Basin, Patrick Schaller, Michael Schläpfer. Applied Information Security: A Hands-on Approach. Springer, 2011.
A short practical introduction using Linux VMs to demonstrate some attacks and defences.
Fred Long et al. The CERT Oracle Secure Coding Standard for Java, Addison-Wesley, 2012.
A set of guidelines for Java. Some need to be enforced by design and code reviews; others might be enforced automatically by tools.
CERT also provide a shorter book Java Coding Guidelines: 75 Recommendations ... as well as books giving coding standards for C and C++.
OWASP, the web application security project, is one of the best places to find out about software security.
The CERT secure coding website provides online versions of the CERT coding standards, which are developed in a Wiki.
SANS, a security training organisation, provides some useful resources, including some material on secure programming.