Edward Snowden: NSA whistleblower answers reader questions

Apple and the SSL/TLS bug: Open Questions

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Heartbleed bug undoes Web encryption, reveals Yahoo passwords

Linux users at risk as ANOTHER critical GnuTLS bug found

Microsoft SSL bug could be worse than Heartbleed, say researchers

Serious NTP security holes have appeared and are being exploited

Guidelines for Security Vulnerability Reporting and Response - from the Organization for Internet Safety, Sept. 1, 2004

Software Insecurity: The Problem with the White House Cybersecurity Proposals - Steve Bellovin’s blog post

Shopping for Zero-Days: A Price List for Hackers' Secret Software Exploits - by Andy Greenberg (Forbes)

Cards Stolen in Target Breach Flood Underground Markets - Krebs on Security article with info about underground card shops (markets for stolen credit cards)

Before we knew it: an empirical study of zero-day attacks in the real world by Leyla Bilge and Tudor Dumitras. 2012 ACM Conference on Computer and Communications Security (CCS). Full paper at the link from UNCG hosts, or this link from anywhere

The NSA hacks other countries by buying millions of dollars' worth of computer vulnerabilities - The Washington Post

Bug Bounty and Responsible Disclosure Programs

The Known Unknowns: Empirical Analysis of Publicly Unknown Security Vulnerabilities, by Stefan Frei (NSS Labs)

Meet the Hackers Who Sell Spies the Tools To Crack Your PC (And Get Paid Six-figure Fees) - by Andy Greenberg (Forbes) - a particularly good story on the Vupen "vulnerability vendor"

Unix/Linux Command Reference

GDB Quick Reference

GDB Cheat Sheet - PDF version - this "cheatsheet" is focused on GDB commands that are often used in reverse engineering rather than source-level debugging

OverTheWire Wargames

The Underhanded C Contest

Recent vulnerability story: The GHOST Vulnerability - from the Qualys Blog

Drew’s grep tutorial - an excellent introduction to the basics of grep (with a link to a more extensive tutorial on regular expressions)

How To Search Your Source With Grep - a few examples specifically oriented at search source code

15 Practical Grep Command Examples in Linux/Unix - examples, example, examples!

A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World - CACM article by Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler. Amusing tales of the challenges of taking a Stanford research project and turning it into a commercial product (the Coverity Static Analysis tool).

MIT Researchers Debut Debugger for Integer Overflows - story on Threatpost (Kaspersky Labs)

Toward More Secure Software - essay by Dorothy Denning in the April 2015 Communications of the ACM about approaches to vulnerability markets and liability

Researchers try to hack the economics of zero-day bugs - Story at Ars Technica (by Sean Gallagher) reporting on research about vulnerability markets

SAFECode: Fundamental Practices for Secure Software Development, 2nd edition — A Guide to the Most Effective Secure Development Practices in Use Today (our focus is on "Secure Coding Practices" on pages 12-38)

The Protection of Information in Computer Systems - Saltzer and Schroeder’s classic 1975 paper introducing their 8 design principles