David Shackelford posted a great review of Geekonomics on Amazon.com:
Anyone that knows me at all can tell you that I am not a fan of Fear, Uncertainty, and Doubt (FUD) in making the case for effectively managing risk. As a professional in the information security business, it is all too easy to use FUD as the "easy way out" when trying to convince people of the severity of vulnerabilities and so on. I am pleased to say that David does not employ this tactic in his book. He makes a very reasoned case, building it with example after example of how poorly software is constructed and how deep the rabbit hole goes in software manufacturers' efforts at liability avoidance.
So far, the reviewers of this book are all "security people". Please know that there are caveats to such reviews - namely, we are always looking for the "aha" publications that tell the rest of the world what we have known for a while now. This is one of those, and it may very well be the first I've really enjoyed while trying to put myself in the shoes of the "average computer user" in the world today. My usual way of doing this is by asking myself "Will my mom understand this?" I'm very pleased to report that my mom could in fact "get" the big picture David is painting here - namely, that software is something we are relying on as a critical part of society today, and it is just as fundamentally flawed as the early sewer systems he describes early in the book.
What's great about this book, aside from the points already articulated by the other reviewers, is that it takes a problem we all know exists (most software is crappy) and forces you to look at it from a number of different angles. How many books do you read in a year that actually cause you to ask yourself questions? Probably very few, I'd guess. This is a book that challenges you to think about things differently; for instance, a Windows system crashing is not just a "Blue Screen of Death" on your home PC, it's now a critical system controlling a local power grid that just went down. It's not just a poorly-written piece of Web server software, it's a perfectly viable avenue of electronic data theft. And by the way, this little problem affects every one of us. Bravo, David, you've done a great job here. I tend to agree with Richard Bejtlich that a "vulnerability tax" is somewhat infeasible, but at least we're having some interesting conversations. Change usually stems from these, and change is exactly what's on the menu.
Thanks so much for the great review, Dave.
Comments