Software Security

I am proud to have helped spearhead the field of software security.  I got started in software security by pondering why the inventors of Java (that is, Bill Joy, Guy Steele, James Gosling, Ken Arnold and others) screwed it all up when it came to Java security way back in the mid-‘90s.  If even those software wizards got things wrong, what hope did mere mortals have?  I looked around for books about building secure software way back then and there were none.

In 2000, I wrote the book Building Secure Software with John Viega.  Building Secure Software was the first book in the world about software security.

We’ve made plenty of progress in the field since the year 2000, and many great books about software security are now available.  I am very proud that my seminal book Software Security is still relevant.  Read Software Security together with the BSIMM (the de facto standard for measuring software security initiatives).

I continue to write articles and speak about software security to this day and am very proud of the way the field has grown.

One day when I was still working on the book Software Security, I was designing the cover in the kitchen.  My wife at the time saw me dragging cowboy hats onto a yin/yang and asked me what I was doing.  I told her I was making some art for the cover of a book I was working on.  She declared the idea “way too geeky” which translated to “probably just geeky enough” in my mind.  Ever since the publication of Software Security in 2006, I have been using the cowboy hats image as my personal logo.