“Crafting Secure Software really helps you build a comprehensive checklist of security risks and best practices that you should consider when writing software. Its recommendations go beyond the code itself to ensure you are thinking about the entire pipeline that produces your application.”

C.J. May, Senior IT Security Analyst at Vermeer Corporation, Technical Content Writer at GitGuardian

A wholly remarkable book. I have known the author, Thomas Segura, professionally and personally, for three years, and it has always been a pleasure to converse and collaborate with him. Over the past decade, I’ve worked on DevOps/DevSecOps for numerous Fortune 500 companies and tech startups, and I consider myself an expert on the subject matter. Nevertheless, conversations with Thomas always spark new thoughts in me, and I always have something new to learn from him, be it security best practices or security posture in general. This book is a distillation of Thomas’s years of expertise on the whole secure software development lifecycle (SSDLC). Speaking from experience, hand on heart, not even the best teams have adopted all the best practices from this book. Yep, it’s that good —it’s north-star good, navigating you through the complexities of secure software development. If you are looking for a comprehensive guide on SSDLC, look no further: This is the definitive book.

Tiexin Guo, Open Source Developer at Canonical (Ubuntu), and CNCF ambassador

“An indispensable resource for anyone looking to implement security measures throughout the SDLC.

I loved the book’s in-depth coverage of real-world case studies, taking you from theory to actual news headlines. By dissecting these incidents, the authors provide readers with a practical understanding of how breaches occur and the severe implications of weak security practices, making it a strategic guide for anyone looking to defend against ever-evolving cyber threats. The book’s accessible language and actionable insights make it suitable for both technical and non-technical audiences, ensuring that security becomes a shared responsibility across teams. It’s a must-read for security architects, DevOps professionals, and IT leaders responsible for safeguarding software assets.”

Dwayne McDaniel, Developer Advocate at GitGuardian

Greg Bulmash is a karaoke king who started blogging before “blog” was a word. He’s picked up both developer certifications and press accreditations, been invited as a speaker to tech conferences on three continents and led a CoderDojo chapter that put on around 150 free STEM education events for Seattle area children. At GitGuardian, he’s produced expert-oriented company blogs, externally placed articles, and cartoons for content marketing and thought leadership on cybersecurity best practices, secrets management, software supply chain security, cybersecurity legislation & regulation.

Thomas Segura is a seasoned technical writer and former DevOps engineer passionate about bridging the gap between security teams and developers. After developing microservices for smart grids at a major energy company, Thomas joined GitGuardian, a leading code security innovator, in 2021. As a technical content writer, he produces in-depth material on application and cloud security best practices. His notable works include the “State of Secrets Sprawl” report and the Secrets Management Maturity Model. Thomas’s insights have been featured on Hacker News, DevOps, and HelpNetSecurity. Through his writing, he shapes the conversation around modern software security, emphasizing collaboration between development and security teams.