Mark G. Graff
Autor de Secure Coding: Principles and Practices
1 Obra 108 Miembros 3 Reseñas
Obras de Mark G. Graff
Etiquetado
2012-0205 (1)
2014-0913 (1)
coding (3)
computación (1)
Computadora (3)
computadoras (5)
Computing Science (1)
crypto (1)
Dennis (1)
Desarrollo (1)
E (1)
Encuadernación en rústica (2)
file:computing/security (1)
goodreads:3.43/44 (1)
haveebook:epub (1)
haveebook:pdf (1)
Hien Nguyen (1)
Informática (6)
infosec (2)
Libro electrónico (3)
Lista de deseos (1)
loc-calibre-library (1)
loc:boston (1)
MacRobert Floor 8 (1)
No ficción (2)
O'Reilly (2)
Por leer (4)
profesional (1)
Programación (2)
Programación (13)
Propio (1)
put_to_storage_computing (1)
seguridad (14)
Seguridad de la información (1)
Seguridad informática (4)
Software (2)
Tapa blanda (2)
Tecnología (2)
Tecnologías de la información y la comunicación (1)
unchecked (1)
Conocimiento común
Todavía no hay datos sobre este autor en el Conocimiento Común. Puedes ayudar.
Miembros
Reseñas
Denunciada
eri_kars | 2 reseñas más. | Jul 10, 2022 | I'm a professional software developer, for years I did IT contract and consulting jobs with focus on security related work, and for years I wrote about security for TechRepublic (eight out of my fourteen articles a month for much of that time being specifically on security topics). Even so, a good book about secure coding should teach me a lot. None of us know everything.
This book taught me very little. The one theme the authors identified as most important (treating security in the application development process as a holistic system concern) is, indeed, very important -- but that message required reminders to bring it back to the reader's mind in the course of reading the book, and much of what it discussed was strangely segregated by distinct parts of the system under development and stages of a bureaucratic, artificially modularized development process that, at the time the authors wrote the book more than a dozen years ago, was already recognized by many security and software development innovators as woefully inadequate to the needs of the time. The authors' favored software development process (which serves as the basis for the book's entire structure) is a waterfall methodology -- not only already regarded as more impediment than aid to development of high quality, reliable, secure software, but actually named "waterfall" originally in a scholarly, scathing indictment of a methodology that at the time of that denouncement was only just emerging from the bureaucratic project management soup of large corporations. That a book aiming to provide the modern (post-2000) standard for secure coding practice assumed a methodology named (by Herbert Bennington) for the sake of denouncing its toxicity to the development of quality software in 1956 is inexcusable.
All that having been said, there is some good advice in this book, and some value in the book's discussion of checklists, questions to ask yourself, and myriad approaches to assessing, analyzing, and addressing security concerns in the development, deployment, and maintenance of software systems. Unfortunately, to extract maximum value from this book would require carefully culling the worst of it, reorganizing the best, augmenting it with improvements, and writing enough material to fill the holes to end up with a whole new book. By then, the original authors would probably deserve little credit for the work.
I was, in short, disappointed.… (más)
This book taught me very little. The one theme the authors identified as most important (treating security in the application development process as a holistic system concern) is, indeed, very important -- but that message required reminders to bring it back to the reader's mind in the course of reading the book, and much of what it discussed was strangely segregated by distinct parts of the system under development and stages of a bureaucratic, artificially modularized development process that, at the time the authors wrote the book more than a dozen years ago, was already recognized by many security and software development innovators as woefully inadequate to the needs of the time. The authors' favored software development process (which serves as the basis for the book's entire structure) is a waterfall methodology -- not only already regarded as more impediment than aid to development of high quality, reliable, secure software, but actually named "waterfall" originally in a scholarly, scathing indictment of a methodology that at the time of that denouncement was only just emerging from the bureaucratic project management soup of large corporations. That a book aiming to provide the modern (post-2000) standard for secure coding practice assumed a methodology named (by Herbert Bennington) for the sake of denouncing its toxicity to the development of quality software in 1956 is inexcusable.
All that having been said, there is some good advice in this book, and some value in the book's discussion of checklists, questions to ask yourself, and myriad approaches to assessing, analyzing, and addressing security concerns in the development, deployment, and maintenance of software systems. Unfortunately, to extract maximum value from this book would require carefully culling the worst of it, reorganizing the best, augmenting it with improvements, and writing enough material to fill the holes to end up with a whole new book. By then, the original authors would probably deserve little credit for the work.
I was, in short, disappointed.… (más)
Denunciada
apotheon | 2 reseñas más. | Dec 14, 2020 | Good language independent review of how to write secure code. Covers a wide range of things, particularly those not covered by other books which tend to focus on a particular language, application or field.
I was given a copy at OSCon in Portland several years ago.
I was given a copy at OSCon in Portland several years ago.
Denunciada
stuartyeates | 2 reseñas más. | Feb 12, 2007 | Estadísticas
- Obras
- 1
- Miembros
- 108
- Popularidad
- #179,297
- Valoración
- 2.8
- Reseñas
- 3
- ISBNs
- 3
Notice that I said "secure enough", not "secure". The authors of this book stress that there is no such thing as a completely secure system. Security is relative to the needs of the people running the system, and those needs change over time as new vulnerabilities are discovered and as the system is used in new ways. When considering security during the development process, one should always have a plan and a goal in mind. It is not enough to make the program secure; one must know that the system needs to protect against, for example, guarantee the integrity of a company's financial information or the privacy of a user's credit card number. And it needs to do so in the face of adversaries who do not play by the rules the system sets forth.
This book is worth reading and rereading.… (más)