I am proud to have helped spearhead the field of software security. I got started in software security by pondering why the inventors of Java (that is, Bill Joy, Guy Steele, James Gosling, Ken Arnold and others) screwed it all up when it came to Java security way back in the mid-’90s. If even those software wizards got things wrong, what hope did mere mortals have? I looked around for books about building secure software way back then and there were none.
In 2000, I wrote the book Building Secure Software with John Viega. Building Secure Software was the first book in the world about software security.
Software Security & the BSIMM
We’ve made plenty of progress in the field since the year 2000, and many great books about software security are now available. I am very proud that my seminal book Software Security is still relevant and provides the foundation for Synopsys’s software security services. Read Software Security together with the BSIMM (the de facto standard for measuring software security initiatives).
One day when I was still working on the book Software Security, I was designing the cover in the kitchen. My wife saw me dragging cowboy hats onto a yin/yang and asked me what I was doing. I told her I was making some art for the cover of a book I was working on. She declared the idea “way too geeky,” which translated to “probably just geeky enough” in my mind. Ever since the publication of Software Security in 2006, I have been using the cowboy hats image as my personal logo.