Hacker Times

I have seen this book recommended 1000 times but never did more than skim it. Help me out: what do you like about it?


I would recommend this for "non-security" software engineers. i.e. those that don't specifically work in your field, but who must (I'm sure you'll agree) have a basic overview of what comprises a secure system, and a flavour of the kind of problems security engineers face.

That's it though. It covers the essentials. It will not teach you cryptanalysis. But it may inspire a student to choose a career in security, as it is well-written and has interesting stories from history.

I particularly recommend Chapter 13: Nuclear Command and Control - it's not at all relevant to what my job is (I'm sure you couldn't say), but I found the problem of balancing "absolutely must not go off by accident" and "absolutely must go off if the president says so" quite fascinating.

So I can't recommend it to you, as you're not its target audience. But I recommend it to every other software engineer - the chapters are quite self-contained so you can easily spread the reading out over several months (as I did).


I have read the first edition, not the second yet.

There is very little good material written publicly about building secure systems rather than breaking them or fixing components. This book describes a series of systems (not just stand alone IT systems) and describes their security in their social / cultural / physical context.

It's not a patch and firewall compliance guide; it uses the word "systems" appropriately. There are no big methodologies or techniques, which is appropriate as these just don't exist at the scale this book discusses.

For technical 'breakers' moving into the world of building, it's a useful book.


Most programmers are, I think, quite capable of designing and building software to a set of specifications. However, most would not, in the process, also try to think of all the ways in which users and attackers would try to break their software. This book provides a comprehensive introduction to security issues in general and particular ways in which systems can be broken (and protected).

It is not prescriptive by any means but reading it provides a level of security awareness that is frequently lacking.

Knuth once wrote that before writing tests for his programs, he puts himself in the meanest, nastiest mood he is capable of. I believe that this book can serve a similar purpose, in the security context, for those of us to whom deviousness and cunning do not come naturally.





