
Customer Review

on October 15, 2004
This was a very frustrating book to read. It appears to be targeted to a very specific type of reader, yet this reader isn't well described. It exists in a disciplinary vacuum; there are only two references; one of them is to the excellent Howard/LeBlanc "Writing Secure Code", the other is to a book written ten years ago. If you have to ask "what is UML and why is it important?", this book won't help.

On the other hand, if you're a member of a large software development team using formal design methods, this book will give you a workable approach to making sure that the security aspects of your project are comprehensively addressed.

There are two serious defects in the approach described by Swiderski and Snyder. The first is that their approach has serious scalability problems. Like nearly all software modeling methods, it's based on drawing pictures and making lists that must be manually collated and organized. (...)

The other defect in the book is its assumption that "an adversary will not attack the system without assets of interest." In fact, the vast majority of attacks these days are blind attacks from viruses and worms that attempt to invade any host they can gain access to, regardless of the value of any assets it may contain or represent. This fact requires the designer/defender to exhaustively address all possible vulnerabilities, not just the important ones. Managing the enormous list of possible attacks against possible vulnerabilities makes scalability a critical issue.

The threat modeling approach is probably the best one available for identifying security issues that must be addressed in a software system, but its current state is far from satisfactory.
14 people found this helpful.