Re: Microsoft Writing Secure Code

> I was looking for some opinions about the book "Writing Secure
> Code" from Microsoft press. 

I find this a very good book. It explains many aspects of secure
programming, and applies them to the Windows APIs. There
is another book with a similar topic ("Building Secure Software"
by Gary McGraw and John Viega) which arguably does a better
job in explaing the general principles of secure programming,
while "Writing Secure Code" works more closely along the lines
of the Windows APIs, but I find both books immensely useful
(and without actually overlapping very much in detail). BSS
uses Unix examples, by the way, but still manages to be
less OS-specific than WSC.
(Note that I am referring to the 2nd edition of WSC - I do not know
the 1st edition.)

> Do you find it useful or plain microsoft propaganda (like I
> read somewhere else)?

I am not a fan of Microsoft (look at the relevant header lines of 
this message :-)  but this book is definitely useful and not 
propraganda. It is even useful (though somewhat less so)
if you don't develop for Microsoft platforms - if half of its
800 pages or so don't apply to you, there is still a lot of
very useful advice left.

Best regards,
Holger Peine

-- 
Dr. Holger Peine
Fraunhofer IESE, Kaiserslautern, Germany
Phone +49-6301-707-134, Fax -209 (shared)
www.iese.fraunhofer.de/Staff/peine -- PGP key on request or via pgp.mit.edu