Matt Setzer wrote...

> It's been kind of quiet around here lately - hopefully just because everyone
> is off enjoying a well deserved summer (or winter, for those of you in the
> opposite hemisphere) break.  In an effort to stir things up a bit, I thought
> I'd try to get some opinions about good foundational materials for security
> professionals.  (I'm relatively new to the field, and would like to broaden
> my background knowledge.)  Specifically, what are the top five or ten
> security papers that you'd recommend to anyone wanting to learn more about
> security?  What are the papers that you keep printed copies of and reread
> every few years just to get a new perspective on them?  

Okay, for starters, in no particular order:

  Ken Thompson's Turing Award lecture, _Reflections on Trusting Trust_, URL:

  Saltzer & Schroeder, "The Protection of Information in Computer Systems",
        Proceedings of the IEEE, Sept. 1975, pp. 1278-1308, available at:

  David Wheeler, "Secure Programming for Linux and Unix HOWTO", URL:

  Aleph One, "Smashing the Stack for Fun and Profit", URL:

  Bruce Schneier, "Why Cryptography Is Harder Than It Looks", URL:

  Carl Ellison and Bruce Schneier, "Ten Risks of PKI: What You're Not Being
        Told About Public Key Infrastructure", URL:

Also, I'd probably throw in a few RFCs and the Firewall and Snake-Oil
Cryptography FAQs in there as well, but I'm too lazy to look them up
right now.

Kevin W. Wall           Qwest Information Technology, Inc.
[EMAIL PROTECTED]       Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former White House cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit
