Information security with a software hardening focus has been coming up a bit lately. Picked up a Engineering Trustworthy Systems over the week end as a refresher along with digging out my copy of Cryptography Engineering by Bruce Schneier to re-read.

This stuff is more about system architecture and design than it is about algorithms and coding so these books should be a good touchstone. Coding standards and use of standard algorithms and protocols can cover the fine grained issues. The larger scale issues tend to be less well attended to and more prone to providing openings to the bad guys.