Security is something that is very important in all kinds of applications today. I have many more articles I want to write about security (particularly since we fixed a recent security hole). I'm going to start, however, with a review of one of two books I read recently on security. The book - The Security Development Lifecycle, by Michael Howard and Steve Lipner - steps you through the Microsoft process of creating more secure software. I used to work at Microsoft, but left shortly before the SDL process was instituted, so I haven't seen how this process worked there. But, as the authors point out, if you look at how Microsoft has improved its reputation for security issues over time, this process has some real value.

The meat of the book (Part II)  is an explanation of the stages of the Security Development Lifecycle (SDL) process. The authors do a good job of explaining these steps and how you can implement them in your own project. I think the SDL is a great process for improving the security of a software project and would suggest anyone who is concerned about the security of their software project (which should be just about everyone working on a significant software project) should read this book.

I would recommend this book for managers and developers (even though the authors point out it is not a book with code samples and examples of how to write better code). I believe if developers know more about the how security issues crop up and can be handled, they will be better equipped to write solid code.