Two new books arrived at TaoSecurity last week. The first is Software Security: Building Security In by Gary McGraw. This book is available alone or in a boxed set with Exploiting Software and Building Secure Software. I've read the second book, so I may try to read Software Security right away. The new book is the third in the Addison-Wesley Software Security Series.
At RSA in February Gary told me he wanted Building Secure Software to begin that series, but instead it ended up in the Addison-Wesley Professional Computing Series. The other book in the Software Security Series is Rootkits, a book I'm waiting to read. I'd like a little more programming knowledge before trying that one.
The second book added to my reading queue is Anti-Hacker Toolkit, 3rd Ed. I reviewed the 2nd Ed in June 2004 and the 1st Ed in August 2002. I sat down with the 2nd and 3rd editions and did a cursory examination of changes. The major difference is a new chapter, 26, on reverse engineering binaries. Aside from that, the 3rd Ed is structurally identical to the 2nd Ed. A few tools have been added and some have been deleted. Co-authors Chris Davis, Aaron Philipp, and David Cowen have stepped in to help lead author Mike Shema, although material from original authors Keith Jones and Brad Johnson is still present. (Mike Shema is the third original author, meaning he, Keith, and Brad wrote the 1st Ed.)
I have a feeling that my recommendation for the 3rd Ed will be the same as for the 2nd Ed -- if you don't have a copy, get one. Security pros should know how to use most if not all of the tools in Anti-Hacker Toolkit. Employers -- asking about tools in this book is a great way to start a dialogue with candidate employees. If you have the 2nd or even the 1st Ed, however, you probably won't be able to financially justify the upgrade.