Probably the best IT security book of the year is Adam Shostack’s Threat Modeling (Amazon page).
The book is an honorable mention finalist for “The Best Books” of the past 12 months. This is the first time a security book has been on the list since my Applied Cryptography (first edition) won in 1994 and my Secrets and Lies won in 2001.
Anyway, Shostack’s book is really good, and I strongly recommend it. He blogs about the topic here.
Brian • November 3, 2014 4:18 PM
You already have to read endless wall of text in schools. My god, another 10000 page book is here!
Bauke Jan Douma • November 3, 2014 5:36 PM
A book by a guy from the Microsoft Trustworthy Computing department.
Ouch!
Nick P • November 3, 2014 5:53 PM
Thanks for the tip. Ill add it to my to-read list.
Clive Robinson • November 4, 2014 1:03 AM
@ Bruce,
I’m guessing you don’t wish to be unpleasent, but your second paragraph does come across as “rubbing the nose in it” with you saying “Honorable Mention” for Adam’s book and “won” and “won” for your two books.
I know from experiance that “third parties” looking for mud to sling will grab whatever they can find and throw it. It’s just one other/more reason I don’t have my own blog. It’s also I suspect one of the reasons modern politicians don’t say much more than sound bytes.
I once heard an actress talking at a conferance in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, “to avoid the worst of it, it’s best to keep your mouth closed, smile demurely, and think of England”, which got the expected laugh from the audience.
Andrew_K • November 4, 2014 3:19 AM
I once heard an actress talking at a conferance in which she mentioned that fame is not just fickle, along with the glitz and glamour it has down sides, in that the more you get given the less of a life you have of your own, and the more likely people will be to dig for dirt and sling mud, and she joked that as with a mud bath, “to avoid the worst of it, it’s best to keep your mouth closed, smile demurely, and think of England”, which got the expected laugh from the audience.
–Clive Robinson
That sounds exactly what being a scientist is like. Especially the part with the mud and the dirt.
Dilbert • November 4, 2014 8:17 AM
I’ve done a fair bit of Threat Modeling in recent years, and wrote an article about secure application development as well. I know Microsoft just updated their Threat Modeling tool, but haven’t had an occassion to try it out yet.
This book went straight into my cart at Amazon. I’ll be reading it and writing a review for my CISSP CPEs after the new year 🙂 I’m looking forward to this read.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Me • November 3, 2014 9:22 AM
Seems to me what the field needs is you writing more books.