The list author says: "So you want to hunt bugs, eh? Learning how to hunt bugs no longer requires reading every issue of phrack from the last decade, you can get started by reading a few good books and spending some quality reading time on your nearest couch or beach.
This list covers the basic skills of software testing, fuzzing, reverse engineering, source code and binary security analysis, and exploitation. And I threw in a book on rootkits, just for fun."
"This book's emphasis on the process of bug hunting makes it the ideal book to start with. If you get hooked on bug hunting from this book, then you should read the rest of the books on this list for more in-depth knowledge."
"This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one. This book makes a great follow-up to a Bug Hunter's Diary with more in-depth technical information."
"Shameless self-promotion. This book is a lightweight book on software security testing and assessment. It covers basic software security testing methodologies, web security testing proxies, fuzzing, and crash analysis."
"More shameless self-promotion. Hacking modern Windows and Linux systems is hard work, hacking Macs is much more fun. They are a good place to get started writing exploits because they don't have the level of exploit mitigations like address space layout randomization and non-executable memory and that other modern systems have."
"This is the Security Bug Bible. Written by some of the best bug hunters in the business, this book describes software vulnerability classes in a number of programming languages and how to find them via manual source code analysis."
"IDA Pro is the de facto reverse engineering tool. A familiarity with this tool is necessary for even casual static binary security analysis. An older version of IDA Pro is provided as freeware, so there is no excuse not to be familiar with it."