replete with bugs that could have been avoided. In this exceptional book, Brian Chess
and Jacob West provide an invaluable resource to programmers. Armed with the
hands-on instruction provided in Secure Programming with Static Analysis, developers
will finally be in a position to fully utilize technological advances to produce better
code. Reading this book is a prerequisite for any serious programming.”
—Avi Rubin, Ph.D.
Professor of Computer Science, Johns Hopkins University
President and co-Founder, Independent Security Evaluators
“Once considered an optional afterthought, application security is now an absolute
requirement. Bad guys will discover how to abuse your software in ways you’ve yet to
imagine—costing your employer money and damaging its reputation. Brian Chess and
Jacob West offer timely and salient guidance to design security and resiliency into your
applications from the very beginning. Buy this book now and read it tonight.”
—Steve Riley
Senior Security Strategist, Trustworthy Computing, Microsoft Corporation
“Full of useful code examples, this book provides the concrete, technical details you
need to start writing secure software today. Security bugs can be difficult to find and
fix, so Chess and West show us how to use static analysis tools to reliably find bugs
and provide code examples demonstrating the best ways to fix them. Secure Program-
ming with Static Analysis is an excellent book for any software engineer and the ideal
code-oriented companion book for McGraw’s process-oriented Software Security in a
software security course.”
—James Walden
Assistant Professor of Computer Science, Northern Kentucky University
“Brian and Jacob describe the root cause of many of today’s most serious security issues
from a unique perspective: static source code analysis.
Using lots of real-world source code examples combined with easy-to-understand
theoretical analysis and assessment, this book is the best I’ve read that explains code
vulnerabilities in such a simple yet practical way for software developers.”
—Dr. Gang Cheng
“Based on their extensive experience in both the software industry and academic
research, the authors illustrate sound software security practices with solid principles.
This book distinguishes itself from its peers by advocating practical static analysis,
which I believe will have a big impact on improving software security.”
—Dr. Hao Chen
Assistant Professor of Computer Science, UC Davis
