180 points beryilma | 3 comments
1. tptacek No.41908836
SWEBOK 4 adds a dedicated section for security, but it's painfully 2012 (testing, for instance, centers on the old industry-driven "SAST" vs. "DAST" distinction). It also promotes stuff like Common Criteria and CVSS. The "domain-specific" security section could have been pulled out of the OWASP wiki from 2012 as well: "cloud", "IOT", "machine learning".
2. codetrotter No.41910272
Are there any freely available books you would recommend for 2024 security in software engineering?

(Freely available in the same sense that the SWEBOK is, I mean; you can read it free of charge without DRM and without having to resort to piracy. Doesn't have to be a fully free book that goes as far as to allow modification and redistribution, although that is an extra nice bonus if any of your suggested books are like that.)

3. mixmastamyk No.41911429
Believe it is supposed to be slow-moving, keeping to settled matters. Have those fallen out of favor, or shown to be wrong already?