Adam Shostack is part of Microsoft’s Security Development Lifecycle strategy team, where he is responsible for security design analysis techniques. Before Microsoft, Adam was involved in a number of successful start-ups focused on vulnerability scanning, privacy, and program analysis. He helped found the CVE, International Financial Cryptography association, and the Privacy Enhancing Technologies workshop. He has been a technical advisor to companies including Counterpane Internet Security and Debix.
Andrew Stewart is a Vice President at a US-based investment bank. His work on information security topics has been published in journals such as Computers & Security and Information Security Bulletin. His homepage is homepage.mac.com/andrew_j_stewart
"I didn't have time to write you a short letter, so I wrote a long one."Mark Twain
We've taken the time to write a short book, and hope you find it enjoyable and thought-provoking. We aim to reorient security practitioners and those around them to a New School that has been taking shape within information security. This New School is about looking for evidence and analyzing it with approaches from a wide set of disciplines. We'd like to introduce this approach to a wider audience, so we've tried to write so that anyone can understand what we have to say.
This isn't a book about firewalls, cryptography, or any particular security technology. Rather, it's about how technology interacts with the broader world. This perspective has already provided powerful insights into where security succeeds and fails. There are many people investing time and effort in this, and they are doing a good deal of interesting research. We make no attempt to survey that research in the academic sense. We do provide a view of the landscape where the research is ongoing. In the same spirit, we sometimes skim past some important complexities because they distract from the main flow of our argument. We don't expect the resolution of any of those will change our argument substantially. We include endnotes to discuss some of these topics, provide references, and offer side commentary that you might enjoy. Following the lead of books such as Engines of Creation and The Ghost Map, we don't include endnote numbers in the text. We find those numbers distracting, and we hope you won't need them.
Some of the topics we discuss in this book are fast-moving. This isn't a book about the news. Books are a poor place for the news, but we hope that after reading The New School, you'll look at the news differently.
Over the course of writing this book, we've probably written three times more words than you hold in your hands. The book started life as Security Decisions, which would have been a book for managers about managing information security. We were inspired by Joan Magretta's lovely little book What Management Is, which in about 200 pages lays out why people form organizations and hire managers to manage them. But security isn't just about organizations or managers. It's a broad subject that needed a broader book, speaking to a wider range of audiences.
As we've experimented with our text, on occasion removing ideas from it, there are a few fascinating books which influenced us and ended up getting no mentionnot even in the endnotes. We've tried to include them all in the bibliography.
In the course of writing this book, we talked to a tremendous number of people. This book is better for their advice, and our mentions are to thank them, not to imply that they are to blame for blemishes that might remain. If we've forgotten anyone, we're sorry.
Simson Garfinkel and Bruce Schneier both helped with the proposal, without which we'd never have made it here. We'd both like to thank Andy Steingruebl, Jean Camp, Michael Howard, Chris Walsh, Michael Farnum, Steve Lipner, and Cat Okita for detailed commentary on the first-draft text. But for their feedback, the book would be less clear and full of more awkward constructs. Against the advice of reviewers, we've chosen to use classic examples of problems. One reviewer went so far as to call them "shopworn." There is a small audience for whom that's true, but a larger one might be exposed to these ideas for the first time. We've stuck with the classics because they are classic for a reason: they work. Jon Pincus introduced us to the work of Scott Page. We'd like to apologize to Dan Geer for reasons that are either obvious or irrelevant. Lorrie Cranor provided timely and much appreciated help in the academic literature around security and usability. Justin Mason helped correct some of the sections on spam. Steven Landsburg helped us with some economic questions.
We'd also like to thank the entire community contributing to the Workshop on Economics and Information Security for their work in showing how to apply another science in broad and deep ways to the challenges that face us all in security.
It's tempting in a first book to thank everyone you've ever worked with. This is doubly the case when the book is about the approaches we bring to the world. Our coworkers, managers, and the people we have worked with have taught us each tremendous amounts, and those lessons have been distilled into this book.
Adam would like to thank (in roughly chronological order) cypherpunks Eric Hughes, Steve Bellovin, Ian Goldberg, and others too numerous to name, for fascinating discussions over the years, Ron Kikinis, coworkers at Fidelity, Netect (Marc Camm, David Chaloner, Scott Blake, and Paul Blondin), Zero-Knowledge Systems (Austin and Hamnett Hill, Adam Back, Stefan Brands, and the entire Evil Genius team), my partners at Reflective, and the Security Engineering and Community team at Microsoft, especially Eric Bidstrup and Steve Lipner. In addition, everyone who I've written papers with for publication has taught me a lot: Michael J. Freedman, Joan Feigenbaum, Tomas Sander, Bruce Schneier, Ian Goldberg, Austin Hill, Crispin Cowan, and Steve Beattie. Lastly, I would like to thank my co-bloggers at the Emergent Chaos Jazz Combo blog, for regularly surprising me and occasionally even playing in tune, as well as the readers who've commented and challenged us.
Andrew would like to thank Neil Todd and Phil Venables for their help and guidance at the beginning of my career. I would also like to thank Jerry Brady, Rob Webb, Mike Ackerman, George Sherman, and Brent Potter. Please note that my mentioning these people does not mean that they endorse (or even agree with) the ideas in this book.
Finally, we'd both like to acknowledge Jessica Goldstein, who took a chance on the book; Romny French; our copy editor, Gayle Johnson, and our project editor, Anne Goebel.