Security technical resources that programmers must read

Don Kiely Microsoft MVP, recently invited as a special expert by W3C HTML 5 Working Group. He has been paying attention to security technologies. Program Personnel. Here is a list of security technology Internet resources he listed on the ASP. netpro website. Note: I added some of the instructions below, which are not exactly the same as the original text.

Generic
Schneier on security, the world's Security Technology Authority Bruce Schneier? At least you should have read his "application Cryptography") a wide range of content, including a frequently updated free electronic communication crypto-gram, with 0.13 million readers.

Slight paranoia, Christopher soghoian's blog. This guy was arrested and sued by the FBI for hacking (he set up a website to demonstrate how to easily forge a boarding pass and bypass identity checks at the airport. He kept thanking his lawyers on his blog and is now on vacation in Munich, Germany. It seems that he was not sentenced. Isn't it exciting?

Internet Security
The sans Internet storm center should not be introduced here. It is an Internet warning system. In fact, the Sans website is a rich resource. Weekly Bulletin Board newsbites and vulnerability reports @ risk, and various technologiesArticle.

. NET and Windows Security
. Net security blog, blog of Microsoft engineer Shawn Farkas.
Aaron margosis's weblog, a Microsoft consultant's blog, is not often updated.
Michael Howard's web log, a Microsoft Security Technical Expert, you should have heard of it.
Microsoft Security response center blog, Microsoft official response center.

Due to the background of the author, security resources such as Java and other platforms (LAMP) are not listed. Please add it.