Software security has come a long way in the last few years, but we’ve really only just begun. Software security is the practice of building software to be secure and to function properly under malicious attack. The underlying concepts behind Software Security have developed over almost a decade and were first described in Building Secure Software [Viega and McGraw 2001] and Exploiting Software [Hoglund and McGraw 2004]. This book begins where its predecessors left off, describing in detail how to put software security into practice.

After completing Java Security [McGraw and Felten 1996] and following it up with Securing Java [McGraw and Felten 1999], I began wondering how it was that such excellent designers, engineers, and architects ...