Security folks often encourage people to build security in from the start, and architect systems that are secure by design. What are some readings you would recommend for someone who wants to learn more about how to go about doing this? I'm particularly interested in reading about secure-by-design languages and APIs, and how to go about designing languages/APIs for security.
Asked
Active
Viewed 358 times
1 Answers
5
These aren't books, but you may find the info useful:
- BSIMM - the Building Security In Maturity Model
- OpenSAMM - Open-Source Security Software Assurance Maturity Model
Security Maturity Models tend to provide a lot of info on building security in from the start, defining Secure Development Lifecycles and managing governance and change in order to raise security baselines.
They don't go into any depth on languages or api's though, more around what you would want to look for or measure or control, so this answer may not work for you. Have a read of them both anyway and see.
Rory Alsop
- 61,474
- 12
- 117
- 321