Adam Shostack's Threat Modeling

Probably the best IT security book of the year is Adam Shostack’s Threat Modeling (Amazon page).

The book is an honorable mention finalist for “The Best Books” of the past 12 months. This is the first time a security book has been on the list since my Applied Cryptography (first edition) won in 1994 and my Secrets and Lies won in 2001.

Anyway, Shostack’s book is really good, and I strongly recommend it. He blogs about the topic here.

Posted on November 3, 2014 at 7:40 AM • 7 Comments

Comments

Brian November 3, 2014 4:18 PM

You already have to read an endless wall of text in schools. My god, another 10000 page book is here!

Clive Robinson November 4, 2014 1:03 AM

@ Bruce,

I’m guessing you don’t wish to be unpleasant, but your second paragraph does come across as “rubbing the nose in it” with you saying “Honorable Mention” for Adam’s book and “won” and “won” for your two books.

I know from experience that “third parties” looking for mud to sling will grab whatever they can find and throw it. It’s just one other/more reason I don’t have my own blog. It’s also I suspect one of the reasons modern politicians don’t say much more than sound bytes.

I once heard an actress talking at a conference in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, “to avoid the worst of it, it’s best to keep your mouth closed, smile demurely, and think of England”, which got the expected laugh from the audience.

Andrew_K November 4, 2014 3:19 AM


I once heard an actress talking at a conference in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, “to avoid the worst of it, it’s best to keep your mouth closed, smile demurely, and think of England”, which got the expected laugh from the audience.
–Clive Robinson

That sounds exactly what being a scientist is like. Especially the part with the mud and the dirt.

Dilbert November 4, 2014 8:17 AM

I’ve done a fair bit of Threat Modeling in recent years, and wrote an article about secure application development as well. I know Microsoft just updated their Threat Modeling tool, but haven’t had an occasion to try it out yet.

This book went straight into my cart at Amazon. I’ll be reading it and writing a review for my CISSP CPEs after the new year 🙂 I’m looking forward to this read.


Sidebar photo of Bruce Schneier by Joe MacInnis.