Foreword

The software industry has, on aggregate, made a great deal of progress securing software against attacks over the last ten or so years. But for many, any improvement has been small because of the piecemeal nature of their security efforts. There is always more to be done as attackers become savvier and, in many cases, more determined to compromise systems for malevolent gain. This ongoing arms-race between attackers and defenders will only escalate as more devices are connected to the Internet. I say “devices” and not “computers” on purpose because we are seeing millions of smaller devices such as smartphones join the throngs of other systems that are already active Internet citizens. We’re seeing the rate at which software is developed ...