Sunday, December 07, 2008

Review of Software Security Engineering Posted

Amazon.com just posted my three-star review of Software Security Engineering: A Guide for Project Managers. From the review:

The Addison-Wesley Software Security Series is generally a great collection, with titles like Software Security: Building Security In (my rating: 5 stars), Rootkits: Subverting the Windows Kernel (my rating: 4 stars), and Exploiting Software: How to Break Code (my rating: 4 stars). I particularly liked the first of those three (SS:BSI), which I reviewed last year. I felt Gary McGraw wrote "a powerful book with deep truths for secure development." Software Security Engineering (SSE), by a collection of authors, pales in comparison to SS:BSI. You can skip SSE and stick with SS:BSI.


Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.

3 comments:

gem said...

Hi Richard,

For what it's worth, I agree with your assessment. Two things to note: 1) SSE is aimed at managers and not technical types, 2) SSE was based on material published on the DHS Building Security In website. There are many authors.

gem

http://www.cigital.com/~gem

Aparna said...

I read this review. Very good review.

Biren Kumar said...
This comment has been removed by a blog administrator.