AnyBook4Less.com | Order from a Major Online Bookstore |
Title: Building Secure Software: How to Avoid Security Problems the Right Way by John Viega, Gary McGraw
ISBN: 0-201-72152-X
Publisher: Addison-Wesley Pub Co
Pub. Date: 24 September, 2001
Format: Hardcover
Volumes: 1
List Price(USD): $54.99
Average Customer Rating: 4.3 (23 reviews)
Rating: 5
Summary: It's about time!
Comment: Viega and McGraw have finally written the book that the technical
community has been clamoring for. This is a refreshing view of how to
build secure systems from two of the world's leading experts. Their risk
management approach to security is a central theme throughout the book.
Whether it's avoiding buffer overflows in your code, or understanding
component integration and interaction, this book offers readers a
comprehensive, hype-free guide. The authors demonstrate that
understanding and managing risks is an important component to any
systems project. This well written book is a must read for anyone
interested in designing, building, or managing systems.
Rating: 5
Summary: Read and heed and you'll build secure software
Comment: If you're a code jockey or someone who expects the book to replace thinking, don't buy this book. If you're an experienced architect or have a software engineering background you'll appreciate the magnificent work John Viega and Gary McGraw have done by showing the security risks in software development and giving realistic advice about how to deal with them.
Every chapter contained information that got me thinking about the way my group develops software and what we've been overlooking, and many of the suggestions in this book have been added to our process. I've personally been influenced deeply by this book and have made it mandatory reading in our development group. For those who advise against the book I can only conclude that they either don't get it, or they don't have the experience and training to appreciate what the authors have written. That may account for why there is so much insecure software written today, because if this book is read and followed software would be greatly more secure. I want to congratulate the authors for a job well done. I highly recommend this book!
Rating: 5
Summary: An Indictment for Applications Development
Comment: Many transformations begin with an indictment. Two notable examples are Martin Luther's "95 Theses" criticizing the Catholic Church, which began the Reformation, and Ralph Nader's denunciation of the auto industry with "Unsafe at Any Speed." An indictment of the software industry and its indifference to writing secure software has been published in "Building Secure Software: How to Avoid Security Problems the Right Way" by John Viega and Gary McGraw.
Twenty years into the client-server revolution, and a decade into the Internet revolution, it's a measure of inadequacy of secure coding that only now are the first books being written on how to secure software -- the very foundation of information systems.
Software developers who code without taking security into consideration are potentially as dangerous as a physician prescribing a drug without knowing its side effects. As a society, we should tolerate neither.
While security products such as firewalls, encryption devices, event monitoring and intrusion-detection systems are needed to secure networks, it must not be forgotten that behind every security problem is a common enemy -- insecurely written software.
Building secure software is not rocket science. Writing secure code doesn't mean turning every developer into a world-class cryptographer. It simply means training them in the fundamentals of how software works, including security. If corporate end users can be trained not to send inappropriate (sexist, racist, confidential, etc.) e-mail via corporate servers, then software developers can certainly be trained to write secure software programs.
The revolution needed in software development is to integrate security into software engineering. The current approach in software is to patch problems after they occur. In fact, 2003 saw the rise of many patch management companies, a sector that only came to be recently. Endless patching is a downward spiral that only serves to treat the symptoms, not the true problem, and only in a reactive manner. Had those same programmers been trained in writing secure code, many of the problems would have been obviated and billions of dollars saved in the interim.
It's all the rage to send development offshore in the name of saving money. If companies understood how much more money could be saved by building secure software from the get-go, rather than bolting security on as an afterthought, wouldn't they do the same?
It's frightening to think that in just a matter of years, everything but the food we eat will have an IP address attached to it. When the time comes that your family vacation commences with a flight on a pilot-less airplane, here's hoping the developers of the navigation and control systems knew the rudiments of writing secure software.
Title: Writing Secure Code, Second Edition by Michael Howard, David C. LeBlanc ISBN: 0735617228 Publisher: Microsoft Press Pub. Date: 04 December, 2002 List Price(USD): $49.99
Title: Exploiting Software : How to Break Code by Greg Hoglund, Gary McGraw ISBN: 0201786958 Publisher: Addison-Wesley Professional Pub. Date: 17 February, 2004 List Price(USD): $49.99
Title: Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. Van Wyk ISBN: 0596002424 Publisher: O'Reilly & Associates Pub. Date: July, 2003 List Price(USD): $29.95
Title: Secure Programming Cookbook for C and C++ by John Viega, Matt Messier ISBN: 0596003943 Publisher: O'Reilly & Associates Pub. Date: 14 July, 2003 List Price(USD): $49.95
Title: Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson, Ross Anderson ISBN: 0471389226 Publisher: John Wiley & Sons Pub. Date: 22 January, 2001 List Price(USD): $65.00