Some thoughts on security books
I’m not a security expert and I have a basic knowledge of the subject, such as knowing STRIDE, a little bit of SDL and some background on cryptography. If I look at my bookshelf I see that I have some security books on various argument, and I’m wonder if they are enough or if I need to buy some other books.
There are a lot of good books on security but I think that the argument deserves some special treatment. What I mean is that “ We does not need more security books but more security in each Book “. For some technologies like asp.net there are great books of more than 1000 pages, that contains little or no information about security issues. You can buy some other books on the subject, but in the end developers tend to ignore security aspects of technologies.
It would be really better if all books on computer technologies devotes about 10% of the content to security issues, instead to force people to buy specific book on the argument. Security is an extremely important thing, and I cannot believe that a 1200 pages book on asp.net does not have enough room for two or three chapters dedicated to it.
alk.