3.9. To Learn More
Some of the earliest examples of security vulnerabilities are programs that compromise data. To read about them, start with the
written by Anderson [AND72] and Ware [WAR79], both of which contain observations that are still valid today. Then read the papers of Thompson [THO84] and Schell [SCH79], and ask yourself why people act as if malicious code is a new
If you want good examples of flaws in many available commercial applications and the ways in which they could have been avoided, consider the books by Whitaker and Thompson [WHI03a], Andrews and Whitaker [AND06], Hoglund and McGraw [HOG04], and Howard et al. [HOW05].
Various examples of program flaws are described by Parker [PAR83] and Denning [DEN82]. The
edited by Hoffman [HOF90] and Denning [DEN90a] are
collections on malicious code. A good summary of current malicious code techniques and examples is presented by Denning [DEN99].
Stoll's accounts of finding and dealing with intrusions are worth reading, both for their lighthearted tone and for the serious situation they describe [STO88, STO89].
Software engineering principles are discussed by
authors. The books by Pfleeger et al. [PFL01] and Pfleeger and Atlee [PFL06a] are good places to get an overview of the issues and approaches. Corbat [COR91] reflects on why building complex systems is hard and how we can improve our ability to build them.
The books by DeMarco and Lister [DEM87] and DeMarco [DEM95] are filled with
, creative ways to address software development. More recent books about agile development and extreme programming can give you a different perspective on software development; these techniques try to address the need to develop products quickly in a constrained business environment. In 1975 Brooks wrote an excellent book called
The Mythical Man-Month
on the realities and limitations of software development, which he updated and reissued in 1995 [BRO95]. Now over 30
old, the book still has
lessonsif only people would read and heed them.
The world does not lack models for solid development of security-critical software. Villarroel et al. [VIL05] compare and contrast many recent models