1. Introduction to the Problem

Your authors have been at “this security stuff” for more than 20 years. At various points during that time, we have been on the front lines of two key struggles, writing secure code and securing enterprises from attack—often after the fact, as a result of incident response operations. Over this time, we have seen good progress in both arenas. Yet when we examine the common software produced today, and the way our enterprises are protected, we find egregious flaws and serious risks. We find mistakes and pitfalls that have been well understood and well documented for many years (even, in some cases, decades). We also see new threats and ingenious new attacks. Worse still, as programmers, enterprise security practitioners, ...

Get Enterprise Software Security: A Confluence of Disciplines now with O’Reilly online learning.
