Thursday, August 14, 2008

Schneier on Security the book

Looks like Bruce Schneier has a new book coming out: Schneier on Security. It is a collection of his essays on security.

I've made no secret that I respect Bruce Schneier's opinions. I was a big fan when Applied Cryptography helped me implement a type of encryption algorithm for a job under a tight deadline.

--Let me extend a professional note that there are many things wrong with regular software developers coding their own encryption algorithms. Also, let me note that there are many things wrong with implementing any type of security in a timeline that would cause its development, and more importantly testing, to be hurried. I would also like to note that I advised against rolling our own encryption for that project upfront and I would recommend that software developers do the same.

Security is a tough field of study. It is a field that combines engineering and hard sciences with human sciences. Bruce Schneier is the first person, in Beyond Fear, who explained the dichotomy of security to me. In security there are the elements of perceived security and actual security.

Schneier argues that each is equally important. I agree.

What makes this challenging is there are very few people who are comfortable operating in both realms of security. What I find very interesting about this field is that one element of security is considered a 'hard' science, and the other a 'soft' science.

There aren't many scientists who are comfortable operating in both realms. Schneier seems to operate within both realms with great aplomb.

I recommend reading Bruce Schneier's books. They contain excellent content and are enjoyable to read.
