Gary McGraw

The Software Security Library

What is it about software that makes security such a problem? If you want to build secure software, how do you do it? These questions and the perseverance of three of the world's leading security experts, Gary McGraw, John Viega, and Greg Hoglund, led to the three books contained in this package.

Building Secure Software: How to Avoid Security Problems the Right Way—the white hat book—touched off a revolution. Security professionals who once relied solely on firewalls, intrusion detection, and anti-virus mechanisms came to understand and embrace the necessity of better software. This book provides a coherent and sensible philosophical foundation for the blossoming field of software security.

Exploiting Software: How to Break Code—the black hat book—provides a much needed balance, teaching how to break software and how malicious hackers write exploits. This book is meant as a reality check for software security, ensuring that the good guys address real attacks and develop solutions that actually work. The two books are in some sense mirror images.

Software Security unifies the two sides of software security—attack and defense, exploiting and designing, breaking and building—into a coherent whole. Like the yin and the yang, software security requires a careful balance.