Thou shalt have no other gods before the ANSI C standard 1422

rpl

Ok. Security Engineering is one of my favorites for learning the mindset. It isn't going to teach prescriptions for how to build secure stories, and it is mostly a bunch of war stories, but I think it does a good job of showing the motivation for the sort of "prudent paranoia", "be prepared for anything", adversarial viewpoint. I'm also very partial to Cheswick and Bellovin's Internet Firewalls as a way of being exposed to this kind of thinking (and, oh, sorry, Rubin is now a co-author, too). The latter will also have some practical material on network security, but again, don't read it just for that -- read it as a way to learn how to think like security gurus think, not as a cookbook that will give you step-by-step recipes on how to secure your own systems. I don't think you can go wrong with either of these.

If you are looking for practical details on secure coding in particular, there are a few good books out there. I'd start with Howard and LeBlanc's Writing Secure Code and Viega and McGraw's Building Secure Software. These are a good introduction to the topic of how to program securely.

I'd start with them. They are clbuttics. After you've read them, you will have a little better idea of the field. If that gives you some idea of what kind of material you find useful and what you are looking for, we may be able to give you further recommendations on reading that goes more deeply in the topics of interest to you.