There have been a great many books, magazines, and papers published on the topic of computer security in the last few years, reflecting the growing concern with the topic. Trying to keep up with even a subset of this information can be quite a chore, regardless of whether you wish to stay current as a researcher or as a practitioner. In this appendix, we have collected information about a variety of useful references that you can use as a starting point for more information, further depth, and additional assistance.
We should note that in the first edition, this appendix was comprehensive and included nearly everything worth reading on Unix security. For the third edition, the appendix is about the same size, but it now covers only a small fraction of the field! We have tried to confine the list to a small set of accessible and especially valuable references that you will not have difficulty finding.[1] A few of the older references have been preserved for historical reference as much as for any other reason. We've provided annotation where we think it will be helpful.
[1] If you know of other generally accessible references that you think are outstanding and that we have omitted from this list, please let us know.
This appendix is the first of three resources appendixes, all of which contain helpful suggestions for further reading. In Appendix D, we list some online resources in which you can find other publications and discussions on security. In Appendix E, we give pointers to a number of professional organizations (including ACM, Usenix, and the IEEE Computer Society) that sponsor periodic conferences on security; you may wish to locate the proceedings of those conferences as an additional reference. We especially recommend the proceedings of the annual Usenix Security Workshop: these are generally Unix-related and more oriented toward practice than theory.
If you are interested in building your security bookshelf, we advise you to visit a bookstore, see the booksellers at a security conference, or read the reviews of books in security-related venues. The field is moving quickly, and any list, ours included, is likely to be obsolete before the next edition. As with keeping up with bugs and patches, it is important to keep up with the literature!