Introduction
My students teach me so much. As I hear the questions they ask and read the assignments they submit, I learn where they face challenges in securing their systems. I learned about threats over a decades-long career, from a few wise teachers and from many mistakes. As I mention in the acknowledgments, this book really was catalyzed by a simple question: “Where do I go to learn about the threats?”
A bit like “There's good in him, I've felt it,” I've felt that question in so many conversations. The word security subsumes a great deal of complexity and nuance. I was going to say we tend to learn about threats by osmosis, but that's not true. We tend to learn about threats when something blows up. Even when that something is smaller than a Death Star, the lessons are often traumatic, sometimes career-changing. Tragedy is a bad teacher.
If we want to be systematic in our search for threats to our products, we must be structured in how we learn and teach about those threats.
Who This Book Is For
This book is for every engineer.
It will be most useful to those who build or operate complex software-rich systems. There are hard trade-offs in engineering, which are made harder when security goals are obscure or vague. The book is focused on systems that incorporate code, but these days, what doesn't? Engineers who work in more traditional parts of the field (aerospace, chemical, civil, mechanical) are finding that these more elegant systems from a more mechanical time are ...
Get Threats now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
