I'll clarify - I consider Security Engineering and TAOSSA to be landscape volumes - they cover a great deal of depth. Security Engineering is more on the defensive/development side while TAOSSA is on the offensive/assessment side. I agree with you that TAOSSA should be the one to read if you have to only read one.
With regard to malware analysis - TAOSSA teaches source code review to a depth that very few other texts approach in a useful way. Source code review - and the category of vulnerabilities that lend themselves to that assessment - is useful for malware analysis in turn because it teaches the reader what sort of issues malware might try to exploit in a system.
This focuses on the high end of malware - for rote malware analysis and incident response I agree it's not going to be helpful. Like I said, it's more of a foundational work.
With regard to malware analysis - TAOSSA teaches source code review to a depth that very few other texts approach in a useful way. Source code review - and the category of vulnerabilities that lend themselves to that assessment - is useful for malware analysis in turn because it teaches the reader what sort of issues malware might try to exploit in a system.
This focuses on the high end of malware - for rote malware analysis and incident response I agree it's not going to be helpful. Like I said, it's more of a foundational work.