The Developer Highway Code
by Paul Maher, Alex Mackman
Publisher: Microsoft Press 2006
Number of pages: 163
To build software that meets your security objectives, you must integrate security activities into your software development lifecycle. This handbook captures and summarises the key security engineering activities that should be an integral part of your software development processes. These security engineering activities have been developed by Microsoft patterns & practices to build on, refine and extend core lifecycle activities with a set of security-specific activities. These include identifying security objectives, applying design guidelines for security, threat modelling, security architecture and design reviews, security code reviews and security deployment reviews.
Download or read it online for free here:
by Lillian Ablon, Martin C. Libicki, Andrea A. Golay - RAND Corporation
Criminal activities in cyberspace are increasingly facilitated by burgeoning black markets for both tools (e.g., exploit kits) and take (e.g., credit card information). This report describes the fundamental characteristics of these markets.
This is an introduction to information security aimed primarily at K-12 administrators, educators, and technology staff. Security professionals have found that actions taken to increase security often have a minimal, or even opposite, effect.
by Travis H. - subspacefield.org
This is an online book about computer, network, technical, physical, information and cryptographic security, illustrated with interesting examples. It is not intended to be an introductory text, although a beginner could gain something from it.
- The National Academies Press
Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies.