Welcome to Software Security: Principles, Policies, and Protection (SS3P), a free book about software security. SS3P focuses on basic software security principles, secure software development from design over implementation to testing, software security policies (with a focus on memory and type unsafe language like C/C++), defense strategies with a focus on verification, testing, and mitigation, attack vectors, and reverse engineering. The different chapters are augmented with several case studies.
This book is, was, and always will be free and openly accessible in PDF form. If you reference the book, please link to the SS3P PDF directly so that your readers will always get the most recent version.
The intended audience of this book are advanced undergraduate and graduate students interested in software security (e.g., as part of a software security, system security, or information security class) as well as developers working with low level languages such as C/C++.
Firmware Security 