designing secure software book cover

The Good

Mr. Kohnfelder writes clearly and enjoyably about a very technical topic, not an easy feat. I also appreciate how privacy is intentionally discussed and revisited throughout.

The “Patterns” chapter and both chapters in “Part II: Designs” stand out for me. Also Appendix A, which has a sample design document we are invited to work through. How often does an author figure out a way to give motivated learners an opportunity to practice fleshing out a design and then SDR it?

Bravo!

The Bad

What a shame that this book is not more popular!

I almost skipped over it myself because it came to me in a “pile” (as part of a Humble Bundle), which I purchased primarily to read something else. I happened to peek at the foreword (written by Adam Shostack, and offering a compelling endorsement of its contents) and preface and got serendipitously snagged into reading the whole thing.

Definitely underrated right now, though I expect this will change over time.

Parting Thoughts

A fun tidbit I learned was that Mr. Kohnfelder co-developed the STRIDE threat taxonomy. Yes, that STRIDE.

The original paper, published internally at Microsoft in 1999, is publicly available now, which is a gift for those of us who appreciate history and study its artifacts.

This is a book I can heartily recommend, especially to those who are new to application security and could benefit from a solid foundation from which to learn about secure coding.

– JW