(ieeecs-media.computer.org)

180 points beryilma | 1 comments | 21 Oct 24 19:16 UTC | HN request time: 0.203s | source

Show context

tptacek ◴[21 Oct 24 21:44 UTC] No.41908836[source]▶

>>41907412 (OP) #

SWEBOK 4 adds a dedicated section for security, but it's painfully 2012 (testing, for instance, centers on the old industry-driven "SAST" vs. "DAST" distinction). It also promotes stuff like Common Criteria and CVSS. The "domain-specific" security section could have been pulled out of the OWASP wiki from 2012 as well: "cloud", "IOT", "machine learning".

replies(2): >>41910272 #>>41911429 #

1. codetrotter ◴[22 Oct 24 01:22 UTC] No.41910272[source]▶

>>41908836 #

Are there any freely available books you would recommend for 2024 security in software engineering?

(Freely available in the same sense that the SWEBOK is I mean; you can read it free of charge without DRM and without having to resort to piracy. Doesn't have to be a fully free book that goes as far as to allow modification and redistribution although that is an extra nice bonus if any of your suggested books are like that.)

↑

Software Engineering Body of Knowledge (SWEBOK) v4.0 is out [pdf]