Adam Shostack's Threat Modeling

Probably the best IT security book of the year is Adam Shostack's Threat Modeling (Amazon page).

The book is an honorable mention finalist for "The Best Books" of the past 12 months. This is the first time a security book has been on the list since my Applied Cryptography (first edition) won in 1994 and my Secrets and Lies won in 2001.

Anyway, Shostack's book is really good, and I strongly recommend it. He blogs about the topic here.

Posted on November 3, 2014 at 7:40 AM • 7 Comments

Comments

Brian • November 3, 2014 4:18 PM

You already have to read endless wall of text in schools. My god, another 10000 page book is here!

Bauke Jan Douma • November 3, 2014 5:36 PM

A book by a guy from the Microsoft Trustworthy Computing department.
Ouch!

Clive Robinson • November 4, 2014 1:03 AM

@ Bruce,

I'm guessing you don't wish to be unpleasant, but your second paragraph does come across as "rubbing the nose in it" with you saying "Honorable Mention" for Adam's book and "won" and "won" for your two books.

I know from experience that "third parties" looking for mud to sling will grab whatever they can find and throw it. It's just one other/more reason I don't have my own blog. It's also I suspect one of the reasons modern politicians don't say much more than sound bytes.

I once heard an actress talking at a conference in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, "to avoid the worst of it, it's best to keep your mouth closed, smile demurely, and think of England", which got the expected laugh from the audience.

Andrew_K • November 4, 2014 3:19 AM


I once heard an actress talking at a conference in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, "to avoid the worst of it, it's best to keep your mouth closed, smile demurely, and think of England", which got the expected laugh from the audience.
--Clive Robinson

That sounds exactly what being a scientist is like. Especially the part with the mud and the dirt.

Dilbert • November 4, 2014 8:17 AM

I've done a fair bit of Threat Modeling in recent years, and wrote an article about secure application development as well. I know Microsoft just updated their Threat Modeling tool, but haven't had an occasion to try it out yet.

This book went straight into my cart at Amazon. I'll be reading it and writing a review for my CISSP CPEs after the new year :) I'm looking forward to this read.
