Domain: assuredbydesign.com
Stories and comments across the archive that link to assuredbydesign.com.
Comments · 8
-
High-Assurance Design
Those who are interested in this book might also be interested in High-Assurance Design (660 pages, Addison-Wesley). (See http://assuredbydesign.com/haa/) It has a foreword by Peter Neumann, and contains much of the same material as the book being reviewed, as well as many secure design patterns, social engineering patterns, and attack patterns. The book also covers the topic of software reliability - not just security. Disclosure: I wrote High-Assurance Design, as well as Prentice Hall and Sun Microsystem's book Advanced Java 2 Development For Enterprise Applications.
-
Another source
Those interested in social engineering might also want to read chapter 5 of my book High-Assurance Design (website at http://www.assuredbydesign.com/haa/). It contains a complete taxonomy of social engineering techniques and compares them to commonly known "con schemes" (e.g., "pigeon drop", "Spanish prisoner", "pump-and-dump"....) Chapter 5 happens to be available as a complementary download here: http://www.assuredbydesign.com/haa/chs/Berg_ch05.pdf
-
Another source
Those interested in social engineering might also want to read chapter 5 of my book High-Assurance Design (website at http://www.assuredbydesign.com/haa/). It contains a complete taxonomy of social engineering techniques and compares them to commonly known "con schemes" (e.g., "pigeon drop", "Spanish prisoner", "pump-and-dump"....) Chapter 5 happens to be available as a complementary download here: http://www.assuredbydesign.com/haa/chs/Berg_ch05.pdf
-
Book chapter that might help
My 2005 book High-Assurance Design (website at http://www.assuredbydesign.com/haa/index.html) has a chapter (first chapter; downloadable from http://assuredbydesign.com/haa/Berg_ch01.pdf) that explains the importance of assurance in business software design.
-
Book chapter that might help
My 2005 book High-Assurance Design (website at http://www.assuredbydesign.com/haa/index.html) has a chapter (first chapter; downloadable from http://assuredbydesign.com/haa/Berg_ch01.pdf) that explains the importance of assurance in business software design.
-
My book might be of interest
Not sure if it is of interest, but my own book, High-Assurance Design (2005, Addison-Wesley; http://assuredbydesign.com/haa/) attempts to identify a useful set of "principles" pertaining to both security and reliability for practical software engineering. I tried to target practicing software architects, and so the book is not written as a "security book" or a "reliability textbook", but a handbook of sorts. The taxonomy includes about 180+ principles, each explained in detail, with design patterns. It is not a programmer's book, as there is not alot of code in it, but rather a book about design. It also contains a taxonomy of social engineering techniques, which you might not find elsewhere. The book has a foreword by Peter G. Neumann, one of the pioneers of Multics and of secure design in general. I hope it is of value. Best regards, - Cliff.
-
Programmers don't care about security
In my experience as CTO of a respected software development company (Digital Focus), and since then as a consultant in the field of assurance and methodology, I have found that in general developers are not interested in security. E.g., my book, High-Assurance Design, which looks at application architecture from a security and reliability perspective, sells in very low numbers, while my Java books sold in very high numbers. "Hacker" books sell well because many developers want a "quick fix" to their apps, without really understanding security. And consumers are not interested in security either. Just look at Vista: its primary value proposition is that it is more secure. As a result, it is slower, and some drivers and apps don't work. (If you make things more secure, some things will break.) Witness the tremendous push-back by people, claiming that Vista is a "step backward". I myself use a Mac most of the time, but even given Vista's ill-conceived attempts at content protection, I find it interesting that people do not recognize the core value of Vista over XP (security). To me, it proves my point: people don't value security, until something bad happens to them personally.
-
Yet another enticement scheme
This is an example of an enticement scheme. There is a full taxonomy of schemes in chapter 5 of my book High-Assurance Design. The chapter can be downloaded from http://assuredbydesign.com/haa/chs/Berg_ch05.pdf.