While I was presenting yesterday at the second of Black Marble’s events on Windows 2008 to a group of IT professionals, I suggested that they look at ‘Writing Secure Code’ by Michael Howard and David LeBlanc to get a good view of security in depth and risk analysis. On second thoughts, this book might be a bit too developer focused. I think Michael Howard’s new book with Steve Lipner “The Security Development Lifecycle” might be a bit more appropriate read (though it does not seem to be available on Amazon UK yet, should be there soon).