I will definitely be checking this book out.
From: Brian Chess brian@fortifysoftware.com
Subject: Secure Programming with Static Analysis

Jacob West and I are proud to announce that our book, Secure Programming with Static Analysis, is now available.

https://www.amazon.com/dp/0321424778

The book covers a lot of ground.

* It explains why static source code analysis is a critical part of a secure development process.
* It shows how static analysis tools work, what makes one tool better than another, and how to integrate static analysis into the SDLC.
* It details a tremendous number of vulnerability categories, using real-world examples from programs such as Sendmail, Tomcat, Adobe Acrobat, Mac OSX, and dozens of others.