Compared to writing Exploiting Software, writing this book was a breeze. Our collaboration was stronger than ever, fueled by pirate rum and a desire to get this book into your hands. Many people helped, both directly and indirectly. We'll take the blame for errors and omissions, but we want to share the credit with those who helped us.

A number of kind people provided reviews for early drafts of this book: Richard Bejtlich, Pravir Chandra, Brian Chess, Greg Cummings, Jim DelGrosso, Michael Gegick, Marcus Leech, Amit Sethi, and Ken van Wyk. Kathy Clark-Fisher provided the most detailed reviews and a complete edit to boot, and for that we're eternally grateful.

We also owe a great deal of gratitude to our publisher, Addison-Wesley, especially our editor, Karen Gettman, and her assistant, Romny French. Jessica Goldstein has also been great even though this is not one of her books. Chrysta Meadowbrooke banished several hobgoblins and made our sentences parse. Thanks for the support and encouragement as we bulldozed our way through.

Greg's Acknowledgments

I acknowledge my beautiful firebrand wife Penny, and all other wives and partners of gamers, from whom video games have taken so much.

Gary's Acknowledgments

My company Cigital continues to thrive and prosper. Under the apt leadership of John Wyatt, we are back on track with impressive growth and superb execution. I like working at Cigital because of the smart people I am surrounded by on a daily basis. To be sure, the problem of making software behave is challenging, but with great creativity and flair Cigital continues to demonstrate thought leadership second to none.

Special thanks to the executive team and the Board for allowing me the freedom to think and write: Jeff Payne, John Wyatt, and members of the Cigital Board. The Cigital Principals, purveyors of the Justice League blog, keep me sharp and expand my technical horizons on a daily basis. Thanks to Pravir Chandra, Scott Matsumoto, Sammy Migues, Craig Miller, and the unflappable John Steven for making work a joy.

I owe a great debt of gratitude to Ryan MacMichael, Cigital's Web guru. Ryan takes my crazy ideas and makes them real. Thanks to Ryan, Brandi Ortega, and Kathy Clark-Fisher (editor of IEEE Security & Privacy magazine), the Silver Bullet Security Podcast continues to thrive.

Much of Cigital's success as a business can be directly attributed to the hard work of the Managing Principals. Thanks to Richard Brown, Jim Casey, Drew Kilbourne, John Reilly, and Garry Yeates for treating our customers right. Also thanks to Pat Higgins for keeping me on airplanes.

Cigital's Software Security Group (SSG) pushes the limits of applied software security on a daily basis. Special shouts to Paco Hope, the Canuck, Eric the French guy, and Will Kruse. I am also supremely pleased to be working with Susyn Conway and Lynn Nolitt on a daily basis. Thanks for the oxygen, Susyn. And of course I could not even begin to function without Tahsin Imam (the all-powerful T) and Chris Johnson to keep my nose pointed in the right direction. There are many others at Cigital who deserve mention, and I must say that I enjoy working with you all.

My coauthor Greg Hoglund was a blast to work with during this project. Our collaboration is stronger than ever. Though our book sessions tended to degenerate into postadolescent, rum-filled pirate runs, we still got things done. Thanks to Greg for providing the technical backbone of this book, identifying the topic, and asking me to write it with him. If you like the depth of technical material in this book, blame Greg.

Like all of my books before, this one has been indirectly shaped by my friends in the security community. Thanks to Mike Ackerman, Ross Anderson, Annie Anton, Becky Bace, Steve Bellovin, Matt Bishop, Brian Chess, Bill Cheswick, Crispin Cowan, Drew Dean, Dorothy Denning, Jeremy Epstein, Dave Evans, Ed Felten, Dan Geer, Virgil Gligor, Li Gong, Peter Honeyman, Mike Howard, Steve Kent, Paul Kocher, Carl Landwehr, Patrick McDaniel, Greg Morrisett, Peter Neumann, Jon Pincus, Bill Pugh, Marcus Ranum, Greg Rose, Avi Rubin, Fred Schneider, Bruce Schneier, Gene Spafford, Kevin Sullivan, Roger Thornton, Phil Venables, David Wagner, and Dan Wallach.

Thanks to DARPA, the National Science Foundation, and the Advanced Technology Program for supporting my research work over the years. Cigital customers I interact with on a weekly basis and who have influenced my view of security in the real world include Lance Johnson (Visa), Jon Alibur (Fidelity), Marty Colburn (NASD), James Routh (DTCC), Kathy Memenza (Marriott), Mike Ackerman (Morgan Stanley), and Jerry Brady (Morgan Stanley).

Most important of all, thanks to my family. Love to Amy Barley, Jack, and Eli. Thanks to my dad, my grandma Ruth, my brothers Walt and Chris, and Nora and Simone for their love. Thanks to the 54-footed menagerie that inhabits our farm: ike and skillet, soupy, ghosty and soupy jr, sage and guthrie, lewy and lucy, the one remaining "girl" (soon to be joined by a new flock), picasso and petunia (the new peacocks), chin-chin and chilli, and moustache the bunny. Special thanks to my dear friends rhine and april, cyn and ant, doug and laura, and gina and joe for seeing me through the great leg debacle of 2007. The music and the friendship make my life complete.