Jolt Award for Threat Modeling
I am super-pleased to report that Threat Modeling: Designing for Security has been named a Jolt Finalist, the first security-centered book to make that list since Schneier’s Secrets and Lies in 2001.
My thanks to the judges, most especially to Gastón Hillar for the constructive criticism that “Unluckily, the author has chosen to focus on modeling and didn’t include code samples in the book. Code samples would have been very useful to make the subject clearer for developers who must imagine in their own lines of code how some of the attacks are performed.” He also says “Overall, this is an excellent volume that should be examined by most developers concerned with issues of security.” The full review is at “Jolt Finalist: Threat Modeling.”
Congratulations are also due to Mark Summerfield, who won the Jolt Award for Python in Practice; to Michael Mikowski and Josh Powell for their Jolt Productivity Award for Single Page Web Applications: JavaScript End-to-End; and to Bjarne Stroustrup for his Jolt Productivity Award for Programming: Principles and Practice Using C++ (2nd Edition). (I am especially consoled to have come in behind Stroustrup.)
Tangential question: what solution could be put in place to allow someone to use an insecure channel of communication to verify that a more secure channel had not been compromised?