Writing Secure Code 3

It seems like every time I've gone out in public recently, I've been asked when we were going to update Writing Secure Code 2. I've been seeing comments about it along the lines of "Good, but dated." Ouch. It has been a while – we published WSC2 in 2002, and if you read my last post, you'll see that even I've forgotten about some of our sample code.

A bit of history – technical books are like software – they ship on a schedule, and you do sometimes cut features to meet the schedule. When we published the first edition of Writing Secure Code, we just about immediately started planning the second edition so we could get the rest of the content we wanted out there. Then the first 2 major security pushes happened, we got a lot of feedback, and just after we'd recovered from the Windows security push, we got started. Our thinking at the time was that we'd add a couple of hundred new pages, spruce up what we had, it would be a piece of cake, and we'd be done RSN.

What really happened is that we started finding whole chapters we needed to significantly update, we let ourselves get caught up with scope creep, and we nearly doubled the size of the book. We worked really hard on it for about 6 months, and we found out that an 800-page book is a massive project. By the time we were done, my horse didn't know who I was, and we were both afraid we'd get booted out of our houses (not really, but an ignored wife is generally NOT a happy wife).

Happily, we did a good job, and WSC2 has held up well over time, but we keep finding things we'd like to add, bits we'd like to update, and so on. Last time I scoped a complete update, it went to 1200 pages, and it was daunting to say the least.

We now have a tentative plan to make an update – it will actually be a series of books, if it plays out as planned. This will allow us to take a rest between volumes, and you won't need a wheelbarrow to carry it with you.

As we proceed, we'll be posting bits to our blogs and looking forward to your feedback. Speaking of feedback, we're really interested in hearing about topics you'd like to see covered, areas you think need a refresh (we have a long list of these ourselves), and just suggestions in general.

As things firm up, Michael and I will be giving you updates on our blogs.

It's starting to get cold and rainy up here – time to start writing!