Security Engineering Notes

"Security engineering isn't electrical engineering; you can't reduce it to Maxwell's equations. You need many more mathematical tools: the crypto, the protocols, the information flow models, the game theory and maybe the emsec too. And then there's the human factors. Security is a fox subject, and getting more so."
- Ross Anderson, comment on

Recommended Authors and Speakers

Ross Anderson - Homepage
Books: Security Engineering
Youtube Playlist

John Strand - Homepage
Youtube Channel

Peter Gutmann - Homepage
Books: Engineering Security (PDF)
Tutorials: Godzilla Crypto Tutorial
Youtube Playlist

Marcus Ranum - Homepage
Papers: Six Dumbest Ideas in Computer Security (one of many listed here)

Recommended sites

NIST Computer Security Special Publications

Additional books and papers

Reflections on Trusting Trust - Ken Thompson (PDF)
Personal observations on the reliability of the Shuttle - R. P. Feynman
How Complex Systems Fail - Richard Cook, MD
 To Engineer Is Human: The Role of Failure in Successful Design - Henry Petroski
The Twelve Networking Truths

Do not neglect the psychology behind security.