The Pragmatic Programmer
Your Journey to Mastery · 20th Anniversary Edition
Thomas and Hunt's career-defining set of practical heuristics for writing software professionally — orthogonality, broken-windows, DRY, tracer bullets, and the underlying argument that craftsmanship is a posture, not a process.
- Authors: David Thomas, Andrew Hunt
- Published: 2019
- Publisher: Addison-Wesley Professional
- Pages: 352
- Edition: 20th Anniversary Edition
- Language: English
Read this if
Every working software engineer, regardless of years of experience. The 20th-anniversary edition is the most current version of the field's most quoted book on professional software development; security engineers benefit because most security failures are software-quality failures wearing a different name.
Skip this if
Readers wanting domain-specific (security, ML, distributed-systems) depth; the book is deliberately general. Also not a methodology book — Thomas and Hunt are anti-methodology in spirit and explicitly so in the text.
Key takeaways
- Most security defects are software-quality defects; the book teaches the foundations that make secure code possible to write.
- The list of heuristics is shorter than the book — 100 tips on a card — but the prose is what makes them stick.
- The 20th-anniversary updates (concurrency, declarative thinking, observability) are the parts that justify the new edition for someone who read the original.
Notes
Pair with Designing Secure Software (Kohnfelder), Designing Data-Intensive Applications (Kleppmann), and Security Engineering 3e (Anderson) to put a security frame around the craft frame. Read it twice five years apart; the same chapters mean different things at different career stages. The most recommended 'first book' on professional software development and the rare instance where the marketing's claim of evergreen is approximately true.
What to read before
What to read before The Pragmatic Programmer
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2020
Alice and Bob Learn Application Security
Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.
What to read next
What to read after The Pragmatic Programmer
Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Explore similar books
Alternatives to The Pragmatic Programmer
Beginner · 2021
How Cybersecurity Really Works
Sam Grubb's gentle, exercise-driven introduction for non-specialists who need a working mental model of attacker behaviour and basic defence.
Beginner · 2019
Foundations of Information Security
Jason Andress' compact tour of the field: confidentiality / integrity / availability, identification and authentication, network and OS controls, written for newcomers and adjacent disciplines.
Beginner · 2025
Linux Basics for Hackers
OccupyTheWeb's introduction to Linux from the angle that hackers and pentesters actually need it: shells, networking, scripting, and Kali tooling.