It's been a while since I last recommended a book ... in fact, it's been more than a year. There are a number of good books on how to write secure code; now there's one on how to make sure that developers have written secure software: Hunting Security