He co-authored the book "Secure Programming with Static Analysis" with colleague and Fortify founder, Brian Chess, in 2007. Today, the book remains one of the comprehensive guide to how developers can use static analysis to avoid the most prevalent and dangerous vulnerabilities in code.