This amazing report about the state of software security would be welcome material in any modern discussion. Originally classified in 1970, it was declassified in 1975. The authors cover fundamentals of security more completely and thoroughly than many modern authors. This should be required reading in our field. I looked at the overall architecture diagram and was frankly amazed that (a) it was drawn nearly 40 years ago and (b) it needed practically no redrawing to be applied to modern systems.
Security Has Not Come Far in 40 Years