A Bug Hunter's Diary. Tobias Klein. 2011. No Starch Press (http://www.nostarch.com). 194 pages. ISBN: 978-1-59327-385-9
CSQE Body of Knowledge areas: III.E.2 Quality Attributes and Design, II.A.1 Quality Goals and Objectives
This book takes a very programming-centric approach to software security, working from the perspective of finding defects in code and focusing specifically on those associated with potential security vulnerabilities. There are quite a few books on writing code to avoid such vulnerabilities and many other books on general software security concerns. The Department of Homeland Security's Software Assurance program, in cooperation with CERT (the Software Engineering Institute's cybersecurity study and response group), also has a variety of freely available resources on software security and vulnerability prevention.
This book, however, takes the approach of documenting how the author went about locating seven such vulnerabilities in vendor code and how the vendor responded to fix the code. So, it is a specific "case...