Review of Software Security Engineering Posted

just posted my three star review of Software Security Engineering: A Guide for Project Managers. From the review:

The Addison-Wesley Software Security Series is generally a great collection, with titles like Software Security: Building Security In (my rating: 5 stars), Rootkits: Subverting the Windows Kernel (my rating: 4 stars), and Exploiting Software: How to Break Code (my rating: 4 stars). I particularly liked the first of those three (SS:BSI), which I reviewed last year. I felt Gary McGraw wrote "a powerful book with deep truths for secure development." Software Security Engineering (SSE), by a collection of authors, pales in comparison to SS:BSI. You can skip SSE and stick with SS:BSI.

Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.


Anonymous said…
Hi Richard,

For what it's worth, I agree with your assessment. Two things to note: 1) SSE is aimed at managers and not technical types, 2) SSE was based on material published on the DHS Building Security In website. There are many authors.

Anonymous said…
I read this review. Very good review.