Additional Thoughts on Reviews

I received some good comments on my previous post about my reviews. A few people at Black Hat Federal yesterday asked similar questions, namely: "Why don't you post bad reviews? We think they are more helpful than good reviews."

First, let's consider the definition of "bad review." I've never given a book 1 star. I've only given a few books two stars. For example, this book was awful. It's also got the highest number of fake positive reviews I've ever seen. (Many are written by people who have only reviewed the author's books, which is an indicator of being planted by the author.) The author somehow got to reject my original review. In the second review (which is now posted), I restricted my comments to quoting outrageously bad technical details that neither the author nor could deny.

My reading and reviewing habits are usually contrary to posting bad reviews. I am not the typical "reviewer" who gets a free book from the publisher, skims the contents, looks at the back cover, and then posts a so-called "review." In almost every case I read the whole book, or at least enough of the book to ensure I cover the author's main points. (Sometimes I do skip material. For example, I am not going to read about compiling software using "./configure, make, make install" in a sys admin book.)

Therefore, reading and reviewing is a fairly serious time commitment. As a result my reading list is about 50 books deep now. Publishers send me dozens of books per year. 95% of the time I have already identified the ones I want to read by adding them to my Wish List. If you're a publisher and you want a book review, please first check that list. If your book is not on it, I will probably not ever review it.

Books sent to me by publishers that go unread are not sold on eBay. I give them away at conferences or classes. I gave about 30 books away at ShmooCon, with the hope that attendees read and review them.

Given this scenario, sometimes I do write three star reviews. That sort of assessment means I thought the book had potential, so I decided to read it. While reading, I became disappointed by the content or technical accuracy. In 2005, I wrote 26 reviews. Of those, four were three-star reviews. This is a good example. I hoped that would be a good book, but the material covered plus the technical inaccuracies really sunk it for me.

The books most likely to get a low review are those I personally purchase. I may buy a book because it seems very good on the surface. If while reading it I find errors or other problems, I will definitely provide a bad review. I will probably not read all of a bad book in this case. The fact that I paid for the book will make me feel better about reviewing a book I have not thoroughly read.

I do not enjoy writing bad reviews. As an author, I do not like seeing my books receive low reviews. Thankfully that has only happened infrequently, and in the most recent case I can cite personal problems with one reviewer. As an author I also know that writing a book represents committing a lot of time and effort. If a lousy book somehow manages to slip through the editing process, or if the publisher refuses to correct deficiencies despite being notified, then I am more likely to post a bad review.

In some cases I even dislike writing 4 star reviews, since I can tell the author spent a lot of time on the book. A book that is technically sound can still receive a four star review. I usually deduct stars for covering material that has appeared elsewhere. I am a proponent for publishing new material, and I am disappointed when I see one good book followed by a handful of copycats who provide little original material.

I welcome your comments on this issue.


Anonymous said…
I think you give honest reviews supported by a bunch of facts - that is what I like about your reviews. I may disagree/agree with your review but I do appreciate the in-depth review as opposed to the many that just flip through the back cover and post a review (you can typically tell which ones those are) with little facts to support their thoughts.

Anonymous said…
Your reviews are good because a) you actually read the books b) you don't regurgitate the blurb/marketing material and c) you're actually honest in your reviews. Ok, so you would expect to find poor reviewers on Amazon. But when so-called "Top 500" reviewers just write rubbish I would assume people would expect better. I was reading a Ciscopress CCNA book review recently and no joke, a "Top 500" reviewer basically said: "This is a Cisco-published book. Cisco publishes the CCNA, so this automatically should be a good book to get for CCNA exam study. Buy this book." And then I'm sure some idiots voted it helpful as well. wtf?!

Anonymous said…
Amazon's interface to your reviews sucks. It's split over a dozen pages, so it is difficult to see, for example, all of the books that you gave five stars to. Having a list of each book, author, and number of stars on a single page would be helpful. I've emailed amazon about this before to no avail. Thanks for the reviews though, they've been quite helpful to me. I remember using your review of Chirillo's book to convince someone that it was rubbish.

Sean C said…
Interesting to note that you believe Amazon was able to delete your first post. I didn't know Amazon would scrub comments and only look for 'favorable' comments.

I've been contemplating to start reviewing my collection of networking books. I have a large collection of CiscoPress books and only have started to, within the past year or so, relied on IPSec books. I'll probably score most books at a 4. I'd pretty much reserve 5 stars for the 'bibles' - Stevens, Perlman, probably a Bejtlich ;-). I'd probably limit my lowest rating to a 3.

BTW - I really appreciate your reviews. I think they are some of the best reviews out there.

Thx, Sean