
About 18 months ago Jacob West and I got serious about writing a book. With much joy and relief, I'm happy to say that the book is finally out. Secure Programming with Static Analysis has been released into the wild! In some ways this is an extended-play version of my PhD work, but written for more than just an academic audience. It makes the case for static source code analysis as an essential tool for getting software security right. The book covers a lot of ground.
- It explains why static source code analysis is a critical part of a secure development process.
- It shows how static analysis tools work, what makes one tool better than another, and how to integrate static analysis into the SDLC.
- It details a tremendous number of vulnerability categories, using real-world examples from programs such as Sendmail, Tomcat, Adobe Acrobat, Mac OSX, and dozens of others.
- It includes tutorials that walk through applying a static analysis tool to real programs.
I'm now going to face the happy problem of finding something to do with my weekends! I can handle it.
I'll send a free book to the first person who names the type of flower on the cover and gives a decent explanation for why we used a flower rather than a lock or a gate or some kind of weapon. Post your answer here or send me email (my first name @ fortify.com).
Update: The prize goes to Andre Gironda who named the flower as a lotus, and who correctly guessed that we used a lotus because it is a symbol of purity and enlightenment. It begins in the mud, but transforms itself into a beautiful flower. We like the idea that static analysis helps bring purity, and that taking security into account is part of an enlightened approach to programming. We also like the way it looks.

Comments (1)
What would it take for you to add the one.org banner to your blog to support charity? I have added it to my own and would love to see other bloggers amplify the need to stomp out poverty.
If the activism irritates you then I understand...
James McGovern
http://duckdown.blogspot.com/
Posted by james | July 6, 2007 6:18 PM