
REVIEW: "Developing Trust", Matt Curtin

    Message 1 of 1, Jun 17, 2002
      BKDEVTRS.RVW 20020514

      "Developing Trust", Matt Curtin, 2002, 1-893115-72-0, U$39.95
      %A Matt Curtin cmcurtin@...
      %C 175 Fifth Ave., New York, NY 10010
      %D 2002
      %G 1-893115-72-0
      %I Springer-Verlag/Apress
      %O U$39.95 212-460-1500 800-777-4643 orders@...
      %P 282 p.
      %T "Developing Trust: Online Privacy and Security"

      The title, foreword, preface, and introduction aren't terribly clear
      about the purpose of the book. Ultimately, the key word seems to be
      not trust, but privacy: the work appears to be directed at providing
      tips for developers, of all stripes, to help maintain the
      confidentiality of information.

      Part one is a generic introduction to security and privacy. Chapter
      one, entitled "Why Privacy," seems, ironically, to move us even
      further away from the topic of privacy. The emphasis of the chapter
      is on intrusions, although the reconnaissance phase does get the most
      space. (The subtitle, "Why This Book," does not appear to be
      addressed.) The discussion of privacy theory, in chapter two, flips
      back and forth between the technical issues of identity authentication
      and access control, and the social concepts of privacy, failing to
      make hard relations between the two ideas. A partial list of basic
      conceptual security terms is reasonably well defined in chapter
      three. Chapter four does start to get into privacy issues, specifying
      a number of notions important to protecting confidentiality in an
      online (generally Web based) environment. A number (but not an
      exhaustive list) of threats to privacy are discussed in chapter five.

      Part two looks at the problem. Chapter six provides a concise list of
      the basic principles of development of secure applications.
      (Interestingly, Curtin uses the principle of least common mechanism as
      an argument for the adoption of modular code, where others might say
      that it was a reason to avoid modularity.) Background concepts for
      the Internet and Web, the basic development environment assumed for
      the book, are given in chapter seven. Some specific examples of
      privacy problems on the Web are presented in chapter eight.

      Part three outlines the cure. Chapter nine reviews some basic
      security protections, such as firewalls and constrained systems. Opt-out
      systems are criticized in chapter ten. "Earning Trust," in
      chapter eleven, points out that providing privacy for customers is not
      just a cost and a nuisance, but good business. A structure for
      analyzing and designing secure Web systems is proposed in chapter

      Strangely, while the book is disjointed and difficult to pin down as
      to the central theme, ultimately it could be quite valuable. In the
      end, the title is appropriate, albeit in a punning fashion: the
      content is directed at developing trustworthy applications. The
      literature in the field of developing secure applications is not
      extensive, and much of it is either ethereally academic or completely
      language specific. This book attempts to be practical, and, while
      hardly ever touching on implementation, the precepts suggested are a
      sound foundation. Security professionals would find the general
      background limited, but developers will neither be snowed under by
      esoteric discussions nor left with too many vulnerabilities uncovered.
      The specifics in the book deal with the Web, but the tenets of secure
      design are applicable to all systems.

      copyright Robert M. Slade, 2002 BKDEVTRS.RVW 20020514

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Materialists are Object-Oriented
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade