One of the most definitive security books ever!   September 4, 2003

Ross Anderson writes on nearly every major security topic in great depth and with vast insight.


Five stars not enough   July 2, 2003
  1 out of 3 found this review helpful

Five stars for Ross Anderson's Security Engineering are just not enough - you have to read the book to understand what I mean. I won't repeat what other reviewers here on amazon.com have said; instead I'd say that the author is THE security expert. His amazingly broad and in-depth security expertise and good writing style resulted in a book which is not only comprehensive and detailed, but also interesting to read. You can be an expert in one, two, well, three (out of 10) domains of information security, but it seems the author is equally at home when writing about all 10 domains. I wish I was his student!


A watershed book for the security community   June 27, 2002
  14 out of 15 found this review helpful

This book changes everything. "Security Engineering" is the new must-read book for any serious information security professional. In fact, it may be required reading for anyone concerned with engineering of any sort. Ross Anderson's ability to blend technology, history, and policy makes "Security Engineering" a landmark work.

Engineers learn more from failure than success. "Security Engineering" brings this practice to life, investigating the design and weaknesses of ATM machines, currency printing, nuclear command and control, radar, and dozens of other topics. Anderson's insights are accurate and helpful, partly because he's served as consultant for diverse industries. His descriptions of criminal and intelligence agency exploitation of insecure systems are startling; fake cellular base stations, fly-by-night phone companies, TEMPEST/EMSEC viruses, freezing electronics to preserve RAM -- all are explained in layman's terms.

The bibliography offers exceptional opportunities for further research, but the second edition needs a glossary. I found some of the cryptography chapter too complicated for non-mathematicians. I also believe the author was misled by whomever told him that "at the time of writing, the US Air Force has so far not detected an intrusion using the systems it has deployed on local networks." (p. 387) (I know from experience this is false.) Nevertheless, these are my only criticisms for a 612 page text.

"Security Engineering" is a book of principles, lessons, and case studies. It offers history, tools, and standards to judge engineering endeavors. This book actually inspired me to learn how brick-and-mortar engineers learn their trade, as their methods and failure analysis may apply to the software world. "Security Engineering" will remain relevant for years, but I recommend you read it as soon as possible.


If you buy only one security book this season...   June 7, 2002
  4 out of 6 found this review helpful

Ross Anderson's research group at Cambridge University is one of the best known in the computer security community, regularly winning best paper awards at the most prestigious conferences.

Knowledge from years of the group's research and Ross' personal experience is all distilled into a work that is very broad and accessible. Don't let the "engineering" in the title scare you - most of this book can be read by just about anyone and should be read by those studying corporate security or security policy. Not that cutting edge researches won't find it informative - for them the plethora of references alone are worth the price of the book.

--Stuart Schechter
Harvard University


excellent   May 26, 2002
  2 out of 3 found this review helpful

I've been doing security (mostly cryptography) for many years. I'm confident that this book's 41 pages of crypto information will prove far more valuable to the average security person than Schneier's 750+. The whole book is similar, with a great deal of good information packed into a modest amount of space, yet entertaining and fun to read.