The review copy of Security Engineering (still not finished reading) will soon take pride of place in my bookcase, next to Schneier's Applied Cryptography. I have now found a pair of books to suit my Master of Information Technology semester subject "Advances in Information Security". My students, many commercial data processing people with IT degrees, can take this book to work after class. It will help them answer competently many questions of the "how do they..." type.
This book is current. For example, in relation to SET, Anderson says "...is being allowed to expire quietly". Often conference, web and journal research fails to pick up the demise of an idea; research is swamped by the proposal. In my class I set research topics and get papers reporting what was to be, and rarely, what is. This book will replace most of my paper readings and, if I am not mindful, replace my role as skeptic before my class.
My pet topic, traffic analysis, gets a solid mention. Look, this book is comprehensive. There are 823 items in the bibliography. What would you expect from the foundation editor of Computer & Communications Security Abstracts?
The style is that of a self-confident expert. There are many anecdotes of protocol failure with analysis.
I think it may be time to put book indexes online. I would love to see a search engine, returning key word in context with page references for this book. It is 612 pages long and I found the 18-page index insufficient. If my wishes came true, I would also have some discussion questions and exercises at the end of chapters. Each chapter has a summary, research problems and further readings, but no simple exercises.
The maths and BAN notation are kept to a minimum.
In summary, in my opinion, this book met three of its stated purposes, as a text, a reference and a significant contribution to the science (some might say art) of security engineering. It is a bit light on as an introduction to crypto, but good as an introduction to other fundamental security tools like tamper resistance, authentication, multilevel security and models.
I agree with Schneier who says in the foreword "It's the first, and only, end-to-end modern security design and engineering book ever written."
I will prescribe this book to my next class, and I strongly recommend it to you, "dear reader".