High-Assurance Design: Architecting Secure and Reliable Enterprise Applications
Many enterprises unfortunately depend on software that is insecure, unreliable, and fragile. They compensate by investing heavily in workarounds and maintenance, and by employing hordes of "gurus" to manage their systems' flaws. This must change. And it can. In this book, respected software architect Clifford J. Berg shows how to design high-assurance applications: applications with proven, built-in reliability, security, manageability, and maintainability. High-Assurance Design presents basic design principles and patterns that can be used in any contemporary development environment and satisfy the business demand for agility, responsiveness, and low cost. Berg draws on real-world experience, focusing heavily on the activities and relationships associated with building superior software in a mainstream business environment.
- Understand and avoid the problems that lead to unreliable, insecure software
- Refocus design and development resources to improve software
- Identify project risks and plan for assurable designs
- Obtain the requirements needed to deliver high assurance
- Design application systems that meet the identified requirements
- Verify that the design satisfies these requirements
- Plan and design tests for reliability and security
- Integrate security design, reliability design, and application design into one coherent set of processes
- Incorporate these concerns into any software development methodology
Review By: Julio Santos
03/26/2012
With "High-Assurance Design," I thought I was going to read about some obscure techniques and formalities, but instead the author does a great job of making a potentially dry subject--even to someone with many years of experience--not only useful to read but also enjoyable. The book can and should also be used as a reference.
The author details all aspects of designing secure and reliable software in the book. After a short introduction, the first part teaches how to plan for robust and secure software--for instance, what to look for when gathering requirements on security and reliability. It's not just a book for architects, but also a hands-on reference for developers, project managers, and quality engineers.
When discussing security and reliability, some areas are more complex than others, depending on the reader's experience. To make sure the material is clearly understood, the author has a list of exercises at the end of every chapter. It would be great if the author had included the answers to the exercises. Though the questions are great and cover a lot of material, I wasn't always 100 percent sure I had the right answer.
The book should be required material for team leads developing enterprise applications, as well as the QA team. It teaches how to design with security and reliability in mind on most multi-tiered software. It provides the quality team with a very accurate list of areas and where the potential defects will be.
The writing style is a little formal, though it makes for a great reference. It's a book that should be studied rather than simply read. The only reason that I don't think this will become a classic is because the subject itself is complex and it's possible to get by without knowing most of the book’s material. But for designers, architects, and team leads who are involved with enterprise software and need to make sure the software will be reliable, maintainable, and secure, this is a must read.