I'm going to guess that this post has limited interest to this audience (please correct me if I'm wrong).
But what may interest you, if you're a dev, is TAOSSA, Mark Dowd, John McDonald and Justin Schuh's awesome Addison-Wesley book on reviewing source code for security problems:
If you code, and there's just one book you're going to put on your shelf to fill the "security" slot, fuck Applied Cryptography (which is going to cause security problems in your code). This book is about as large, and, in stark contrast to Schneier, flipping to any page of it is probably going to improve the security of your product.
In the very best case with your company, people like Mark Dowd --- or at least people who've memorized his book --- are what you're up against the moment someone decides your security needs to be reviewed (to take credit card numbers, manage personal information, or get deployed at a Fortune 500 client).
This exploit is nothing short of a work of art; seriously, it's beautiful.
I haven't checked out TAOSSA, but I have to admit I've got a pretty dog-eared copy of Applied Cryptography here on my desk. In my defense, I only have it for light reading over lunch, I wouldn't dare implement anything from it by hand ;)
AC is bad. If you implement cryptography and you're not depending on it in some way, you're wasting time. If you do depend on it, you have to get it exactly right. Even people who do that for a living don't know exactly what that means.
I would say AC is good from a theory point of view, but bad as an implementation guide. Kind of in the same way that a Chilton guide will tell you all sorts of things about your car, but you shouldn't try to build a car from scratch based on it.
Ferguson and Schneier wrote a followup book, "Practical Cryptography", which addresses the shortcomings of "Applied Cryptography" --- it selects the "best" algorithms and protocols to use, and tries to document the pitfalls of actually implementing them in real software.
I recommend it with reservations. It's an extremely valuable book, especially if you're a security evaluator looking for crypto vulnerabilities. As an implementation guide, it misses glaring faults that real software constantly introduces.
There simply is no by-the-numbers guide to implementing crypto in an application, and doing it wrong is worse than not doing it at all.
http://taossa.com
Highest possible recommendation.