Product Description

The world's leading expert on the global software industry and coauthor of the bestseller Microsoft Secrets reveals the inner workings of software giants like IBM, Microsoft, and Netscape and shows what it takes to create, develop, and manage a successful company -- in good times and bad -- in the most fiercely competitive business in the world.

In the $600 billion software industry it is the business, not the technology, that determines success or failure. This fact -- one that thousands of once glamorous start-ups have unhappily discovered for themselves -- is the well-documented conclusion of this enormously readable and revealing new book by Michael Cusumano, based on nearly twenty years of research and consulting with software producers around the world.

Cusumano builds on dozens of personal experiences and case studies to show how issues of strategy and organization are irrevocably linked with those of managing the technology and demonstrates that a thorough understanding of these issues is vital to success. At the heart of the book Cusumano poses seven questions that underpin a three-pronged management framework. He argues that companies must adopt one of three basic business models: become a products company at one end of the strategic spectrum, a services company at the other end, or a hybrid solutions company in between. The author describes the characteristics of the different models, evaluates their strengths and weaknesses, and shows how each is more or less appropriate for different stages in the evolution of a business as well as in good versus bad economic times. Readers will also find invaluable Cusumano's treatment of software development issues ranging from architecture and teams to project management and testing, as well as two chapters devoted to what it takes to create a successful software start-up. Highlights include eight fundamental guidelines for evaluating potential software winners and Cusumano's probing analysis, based on firsthand knowledge, of ten start-ups that have met with varying degrees of success.

The Business of Software is timely essential reading for managers, programmers, entrepreneurs, and others who follow the global software industry. ... Read more

Customer Reviews (34)

O good overview about the industry
Fair, very well written and provides a good overview about the industry, especially for those who neveracted on software biz.

Product Vs. Service
although the software industry has significantly evolved and this book is from far far away (2004), I decided to read it primely because of excellent reviews on the web. This book is for entrepreneurs and managers and despite the history lessons given by Cusumano he does an excellent job explaining, in details, the shift to SAAS (Software as a service).

SaaS is an excellent business strategy that every software company should adopt. If you intend to provide a 'service' read this book and put emphasis on chapter 6: start-up case studies: software products, services and hybrid solutions.

It surely helped me.
Dror Guzman

Nicely playing between software and services business
I like very much the approach of the author, showing many software-related aspects of the technology business and relating many of them to the services component needed for it. Also there is a very good chapter that I think is very helpful for entrepeneurs that covers various important points for software start-ups. There is only one point missing for me: software appliances and the use of a 'hardware approach' to sell software. However, a very recommendable book.

Software Business 101 - Start with this Book
Top of the line thinking from MIT professor Cusumano with heavyweight credentials. You can't get a knowledge from a better source. If you want to know how to make money in the software business this is the book

some useful points in a sea of chitchat
This book is written for managers, programmers and entrepreneurs, and its topic is related to two major sciences: business and software. This might cause the reader to expect a solid organized book but this is not the case here.

The writer talks as if he is in a chat room. lots of chitchat, repeating of the same idea thousands of times in many chapters, information that are useless to the reader or at least out of context like the history of open source, which I don't need to know, I just need to know the effect of open source on the business of software.

The ideas and numbers related to the real topic, business of software, are mind opening, and they can cause the reader to change the way he looks at the industry, but it needs a big effort to overcome the boring sea of chitchat to get the few (but important) ideas and information in the book.

I think one of the main reasons behind this babble that fills the book is to increase the book size and number of papers. I Know the size of the book is important to the American reader but not to me. If this book was in 1/10 of its size (which what should have been), with solid organized idea explanation and no redundant information I would have given it a five stars rating. ... Read more

Product Description
Written by best-selling PC repair author and educator Jean Andrews, the fifth edition of A+ GUIDE TO SOFTWARE: MANAGING, MAINTAINING, AND TROUBLESHOOTING maps fully to CompTIA's 2009 A+ Exam objectives. This full-color guide is the most complete, step-by-step book available for learning the fundamentals of supporting and troubleshooting computer software. At the same time, it prepares readers to successfully pass the software portions of the A+ 220-701 and 220-702 exams. The new edition is formatted to support any teaching or learning style and course format, featuring an essentials-to-practical organization within each chapter and inclusion of tabs distinguishing exam content. Further content and live demonstrations with Jean Andrews are available on the accompanying CD, making this new edition a total solution for PC repair. ... Read more

Customer Reviews (5)

ouvrage remarquable
This is an excellent work.
The text is clear, technical, correctly illustrated and nevertheless easily accessible.
The equipments and referenced softwares are very recent.
To summarize: an indispensable book for every apprentice IT.
I recommend the book of the same author dedicated to the material.

Rounding out the A+ manual
very good complement to Jean's main texts. This really helps to put some meat on the bones.

Exactly what I ordered!
The book is new and in excellent condition. It's exactly what I ordered. I will order from Amazon.com again.

Used Book
The book is OK.If they are going to sell a used book, please make sure to erase every thing that was written in the book. Other than that it was OK.
RE: Next time send it more fast, i paid extra money for the shipping. It took too long to arrive.

Entrepreneurial help
Acquired this book to guide me through the secrets of software. As an entrepreneur, this guide has been excellent in the accomplishment of my goals. Would highly recommend for anyone trying to learn about software. ... Read more

Product Description
The concept of user stories has its roots as one of the main tenets of Extreme Programming. In simple terms, user stories represent an effective means of gathering requirements from the customer (roughly akin to use cases). This book describes user stories and demonstrates how they can be used to properly plan, manage, and test software development projects. The book highlights both successful and unsuccessful implementations of the concept, and provides sets of questions and exercises that drive home its main points. After absorbing the lessons in this book, readers will be able to introduce user stories in their organizations as an effective means of determining precisely what is required of a software application. ... Read more

Customer Reviews (47)

Book review
My feelings from reading this book are very positive.
The book is easy readable. The chapters are separated into small pieces which was very convenient to me. What are User Stories and how to write them is explained at the very beginning. I was pleased by the techniques how to work with User Stories and how to use them to get maximum information needed for performing a good development and finally deliver outstanding software. The theoretical parts in the book are enriched by examples from the real world and maybe it seems to only me but the examples are definitely not tedious as I know from another books. I was also pleased that the author tends to SCRUM methodology although the User Stories are originated from XP (Extreme Programming).
If may I evaluate the book, I give it five stars.

Best agile how-to....accessible for consumption by all audiences
A 'must' for any product manager or product owner.There are many books out there, but if you only get one, let it be this one!Cuts to the chase, contains all that is necessary, with lots of helpful examples.Mike Cohn's 'Agile Estimating and Planning' is great too!

Better in One Chapter
This book made me better after the first chapter, maybe even after the introduction. I come from a traditional background of "The system shall..." approach to system requirements and incorporated them into a more agile approach. I have designed and completed successful projects that included hundreds of thousands of lines of code. I can tell you, those requirements were like hitching a piano to a car and driving uphill.

I have started using the principles in this book along with other agile approaches to get started, successfully, down the road of agile software development. My teams are happier, my customers are happier, my boss is happier.

By following the practical guidelines, this book will put you on the path from the beginning.

Excellent introduction to the best technique of capturing users' requirements
For those that need a quick introduction into"Agile methodology" - this is the book to start with.
It details the basics of interviewing, clarifying and capturing users' requirements in a true agile fashion.
The book then proceeds with describing the necessary interaction between the development team and the users / users' representatives (expert domains). Great job in providing a succinct analysis of the differences between the User Stories methodology and the IEEE software specifications as well as the Use Case technique.
Excellent examples accompany the theory.
The only problem is that User Stories is only a part (albeit an important one) in the Agile Methodology. The writer realizes the need to provide the basic principles of Agile but this part feels like a half baked effort to grow the book into something bigger than initially planned.

Solid practical and philosophical overview of agile methods
I bought this book in order to prepare for a transition to agile on our development team. I found it a good mix of theoretical background for the agile processes but also having plenty of good, practical advice. Plus, it is written well. ... Read more

Product Description

Software Testing, Second Edition provides practical insight into the world of software testing and quality assurance. Learn how to find problems in any computer program, how to plan an effective test approach and how to tell when software is ready for release. Updated from the previous edition in 2000 to include a chapter that specifically deals with testing software for security bugs, the processes and techniques used throughout the book are timeless. This book is an excellent investment if you want to better understand what your Software Test team does or you want to write better software.

Customer Reviews (26)

Provides a general overview of the field
This book offers a decent introduction into the field of software testing. Despite it's limited size the book covers a wide range of topics. These include a description of the software development process, the responsibilities of a tester and several kinds of testing. The latter include functional, security, usability and localization testing. Each kind of testing is illustrated by example which can be especially useful for the aspiring tester. However no subject is elaborated to the point where it can serve as a practical guide to a novice tester.

Interesting and light wording
This book is very interesting and its wording is really easy for reading. I broadly suggest it for beginners, intermediate and senior people. I keep it handy.

Software Test
This is a good book for anybody who is new to the subject of software test; but, if a more technical discussion on the subject is sought then this book may not be that useful. I strongly recommend the book to anyobody who's trying to learn the fundamentals and basic concepts on how software is tested as well as a basic understanding of how software is developed.

Software Testing - by Ron Patton
Great book for those just trying to learn what a software tester must do with no prior experience.

Good introduction to software testing
I thought the book was quite good. I read it before I attended my first introductory software testing course and it allowed me to get a lot more out of the course and ask questions that were more relevant. In fact, my instructor borrowed the book and thought it was quite good as well. If you have experience in this field, then this book is not for you. (Why anyone would buy it if they did have "expertise" in the field is beyond me.) I have read a couple of the reviews for this book and to be honest, these people probably whine about anything and everything, yet they are incapable of publishing their own book. I have noticed that is quite the "American thing". Criticizing without the ability to create and waxing poetic about anything and everything without the benefit of expertise.This is an odd "habit" and one that apparently is addictive and hypnotic to some. Can you imagine the amount of time some people spend on those inane blogs? Who has that bloody amount of time to be that self-indulgent? I digress...

Overall, a very good text and I would recommend it highly based on its readability; I index books for a living so I CAN wax poetic about this type of thing, and its conversational style.I encourage the author to continue his work in this area. ... Read more

Product Description
A Comprehensive Process for Defining Software Architectures That Work

A good software architecture is the foundation of any successful software system. Effective architecting requires a clear understanding of organizational roles, artifacts, activities performed, and the optimal sequence for performing those activities.

With The Process of Software Architecting, Peter Eeles and Peter Cripps provide guidance on these challenges by covering all aspects of architecting a software system, introducing best-practice techniques that apply in every environment, whether based on Java EE, Microsoft .NET, or other technologies. Eeles and Cripps first illuminate concepts related to software architecture, including architecture documentation and reusable assets. Next, they present an accessible, task-focused guided tour through a typical project, focusing on the architect’s role, with common issues illuminated and addressed throughout. Finally, they conclude with a set of best practices that can be applied to today’s most complex systems.

You will come away from this book understanding

• The role of the architect in a typical software development project
• How to document a software architecture to satisfy the needs of different stakeholders
• The applicability of reusable assets in the process of architecting
• The role of the architect with respect to requirements definition
• The derivation of an architecture based on a set of requirements
• The relevance of architecting in creating complex systems

Customer Reviews (3)

This book helped me
This book showed me a perspective of the architecting process and opened new perspectives.
I appreciate the clarity of the book.

A pick for any advanced computer library
The Process of Software Architecting is for any library strong in software engineering, and provides a solid guide to architecting a software system. From the architect's role in creating reusable assets that fit into requirements present and future to how to architect in a complex system, The Process of Software Architecting is a pick for any advanced computer library.

It is the story of how it is supposed to be...
About a year ago I finished up putting together a new Software Engineering Process for the state of PA. It included the best of the best, from those that gave us permission to use their content. You can check out the resources by googling "bscoe sep" (no links allowed on amazon).

A lot of the content was related to architecture. I would have loved to have had this book back then to refer people too as an educational resource. This book puts the process of Software Architecting into a very understandable format and does a great job of explaining process fundamentals.

It is hard to train people in Software Architecture, and then add a ton of Software Process Engineering concepts to it and you really begin to lose people. We had very little success in finding anyone who wanted to go through the learning exercise. Only our team used the process for the most part.

This book starts out with a great overview of Software Architecture, the Architect, and Architecting. Even if you are familiar with these concepts, they are a good read and they get the context laid for the rest of the book from the perspective the authors take on the concepts.

Next the authors give a great introduction to method fundamentals. They pull from the industry's best practices which include the RUP, OpenUP, XP, SCRUM, FDD, and use the SPEM to do their process diagrams. The do a great job of pulling out the important information that relates to software process engineering and putting it into a very organized and easy to understand format. The chapter is short and to the point.

The authors then cover documenting software architectures. In this chapter they outline an architectural description framework based on Rozanski and Woods viewpoints and perspectives, the Zachman Framework, and the 4 +1 view model.

The next chapter on reusable architecture assets provides an architecture asset metamodel for development -time assets and one for run-time assets.

The rest of the book is a detailed, real world, case study that puts the architecture method to use.

The book ends with appendixes, Software Architecture Metamodel, Viewpoint Catalog, Method Summary, and Architectural Requirement Checklist.

PROS:
Two guys from IBM authored a non IBM centric book. Although he authors both work for IBM they didn't include or use tools from IBM.

The book stays within the scope of process engineering as related to software architecture, which produced a more effective book than if they had not. For example, if they would have tried to provide a treatment of tactics instead of referring us to the best resources available on tactics. The book stay process focused.

The appendixes are very valuable references.

They use industry standard best practices for all their content. They are not inventing any new wheels here, or trying to sell a new silver bullet. They are simply picking out the best of what has worked in the industry and putting it into a very organized and usable format.

I like that they include the requirements gathering phase as part of the architecture process. You usually find the requirements discipline treated as though the architecture team has nothing to do with it. That is just not the case in a healthy process.

CONS:
I really do not have any. The only thing I would like to see is the process content in the book put into the Eclipse Process Framework Composer. That way it could be offered as a plug-in and we could include it in our process configurations.

Overall
If you are involved in software development in anyway, you should read this book. It is the story of how it is supposed to be. ... Read more

Product Description
In an economy where efficiency and delivery are key, Software Product Management Essentials is required reading for any software product manager. Software Product Management Essentials is a hands-on guide to help new product managers sift through the numerous tasks and responsibilities involved in this pinnacle job. The book is loaded with tips and example best practices to help even experienced product managers optimize their time and effectiveness. The book focuses on the unique challenges of being a Product Manager in a small to mid-sized software company. It provides a framework for the role of the Product Manager in an environment where there are few resources available to help in tackling the many things needed for a quality, on-time delivery of software. Whether you are already a Product Manager or considering a new career in product management, Software Product Management Essentials details a day-in-the-life experience of a PM with both the glory and challenges one faces in this role. Engineers, marketing personnel, quality assurance teams, technical writers, and anyone involved in the product delivery process will find this book extremely useful right away in optimizing the day-to-day interactions across a smaller software organization.

Emphasizing that code is only part of the overall software product, Software Product Management Essentials stresses the importance of championing a product. Critical topics covered in the book include the product delivery process, beta testing, launching a software product, and software pricing. An entire chapter is dedicated to the issues of expanding the business internationally and the issues a Product Manager must consider before and during expansion. Numerous templates are provided to fast track the Product Manager's work including a sample non-disclosure agreement, product delivery checklist, and beta test agreement and summary. ... Read more

Customer Reviews (29)

Not quite impressed
I would expect from a book with that impressive heading to be more generic, describing different approaches and types of situations - maybe not in detail, but somehow covering the field. What I've got was the PM experience of the author - certainly not useless, but too specific.

For me it was a waste of money.

A quick read, a good primer, and a good resource for a product manager's bookshelf.
This is a concise and fairly good book on software product management.It is a bit old school and waterfall focused, but it does give a good overview on many software product management topics.A similar and equally good book is The Product Managers Handbook, 3E. By far the best book of this genre is Inspired: How To Create Products Customers Love.

Dver first describes what is a product manager (the product champion) and then details what are fairly typical development and product requirements processes. Many of these are out of vogue, but there is still valuable information here. She then goes on to describe the product delivery process, the beta testing process, and finally the product launch. The book is concluded by discussing product marketing, pricing, and going international.Its appendixes contain useful sample documents such as a Product Delivery Checklist and a Beta License Agreement.

One of the book's strength is its inclusiveness and conciseness.Do you need to have a passing knowledge on the 4 C's of pricing? Do you need a need to know a few basic ideas to consider for positioning?Then this may be your book: a quick read, a good primer, and a good resource for a product manager's bookshelf.

Only for Beginners
Unfortunately I cannot bring myself to rate any published book with as many grammatical errors as this one higher than a 3.Once you get past what appears to be a piratically unedited book, the content is good for someone with little knowledge of what an actual Product Manager does.

If you have any type of IT Project Management or IT Management experience you may want to try a different book or you may feel you wasted your money.

Good summary on software product management
Nice little book on software product management. Since the book aims to cover only essentials, look for other books for detailed treatment on any specific topics of interest.

At a high level, this book does a good job of covering almost all and in some cases more (such as going international) topics that should be of interest to the reader.

The book also has some templates to get started with. You can also buy templates for a price. Templates should be available from many other resources as well.

Book touches upon requirements (collecting, analyzing, prioritization), provides basics of software development to those product managers who may be transitioning from other areas, takes thru product development and delivery process and ends with taking product global.

The book is written in a simple and sensible style. If not for that, it would have been difficult to cover so many topics in a such small book. Developing a software product for international markets is a very complex activity and this book does good job of opening one's eyes to all sorts of issues and sheds some light on how to go about addressing those issues. That is best part of the book even for an experienced software professional as many of us are not exposed to that yet.

Pricing and product marketing are also very important functions of a product manager but many times hijacked by sales and other departments. This books explains clearly where are the boundaries and what product managers are expected to do. Pricing has been dealt in good detail using 4Cs as the framework for pricing (Cost, Competition, Customers, Change).

Over all a good book for introduction. There is nice appendix for suggested reading and list of references for additional reading. That is something a small book like this should always do to point readers hungry for additional material and this book does it.

Great Book!
I recommend this book to all PMs. It has very practical ready to use tools. Appendixes are very helpful. ... Read more

Product Description
Corporate and commercial software-development teams allwant solutions for one important problem--how to get theirhigh-pressure development schedules under control. In RAPIDDEVELOPMENT, author Steve McConnell addresses that concern head-onwith overall strategies, specific best practices, and valuable tipsthat help shrink and control development schedules and keep projectsmoving. Inside, you'll find:• A rapid-development strategy that canbe applied to any project and the best practices to make that strategywork• Candid discussions of great and not-so-greatrapid-development practices--estimation, prototyping, forced overtime,motivation, teamwork, rapid-development languages, risk management,and many others• A list of classic mistakes to avoid forrapid-development projects, including creeping requirements,shortchanged quality, and silver-bullet syndrome• Case studies thatvividly illustrate what can go wrong, what can go right, and how totell which direction your project is goingRAPID DEVELOPMENT is thereal-world guide to more efficient applications development.Amazon.com Review
I can hear some of you exclaiming, "How can you possiblyrecommend a book about software scheduling published by MicrosoftPress and written by a consultant to Microsoft?!" Well, put aside anypreconceived biases. This is a tremendous book on effective schedulingsoftware development, and it drinks deeply from the wisdom of all theclassics in the field such as Brook's MythicalMan Month -- and is likely well-informed by McConnell'sexperiences, good and bad, in Redmond.

The nine page section entitled "Classic Mistakes Enumerated" is aloneworth the price of admission and should be required reading for alldevelopers, leads, and managers. Here are some types of the 36 classicmistakes that McConnell describes in detail:

• People Related Mistakes
  • Heroics
  • Adding people to a late project
  • Politics placed over substance (etc.)
  
  
• Process Related Mistakes
  • Abandonment of planning under pressure
  • Planning to catch up later
  • "Code-like-hell" programming (etc.)
  
  
• Technology Related Mistakes
  • Silver-Bullet syndrome
  • Overestimating savings from new tools or methods
  • Switching tools in the middle of a project (etc.)

I suspect that if you've ever been involved in software development,you winced after reading each of these nine points. And you will learna great deal from the remaining 640 pages about concrete solutions.

My only substantive gripe: cheesy Powerpoint graphics. Nonetheless,this book is Very Highly Recommended. ... Read more

Customer Reviews (114)

The 98th 5 star review
This book ranks at the same level with MMM, Code Complete & Pragmatic Programmer.
Another Software Engineering classic

The most complete and difinitive tome on software development.
I can't write enough about this book. Everything you want to know about software development is covered, from project management to estimating to team models to lifecycle methodologies, and tons more. I've read through the entire book, re-read many of the chapters, and I still use it regularly as a reference, ten years after I first purchased it. You should see my book - coffee stains, dog-eared, post-it tags hanging out all over. Anyone who has a substantial amount of software development experience will recognize McConnell's recommendations and his examples of "classical mistakes".

It would be nice if there were an updated edition that discussed some of the more current agile methodologies. However, this book is still right on target 15 years after its publication. Don't let the Microsoft Press scare you off, there is nothing "Microsoft" about it. Its theories and real life nuts and bolts recommendations apply to all current development platforms.

If you can avoid classic mistakes and apply development fundamentals, this is THE book to take you to the next level.
To take advantage of the pearls & jewels of wisdom packed into this book, you have to already have the discipline to avoid making the classic mistakes (which McConnell conveniently lists) and know & apply software development fundamentals (which McConnell also conveniently lists).

A must read for Software development
This is one of the key books to read for software development.This book provides the needed background for becoming a team lead/architect.The book is well written.I have had mine for years and I use it as a constant reference.

Applies today as much as it ever did...
While this book may be old, it is one of the tried and true books of project management.I recall this book being standard material for my IT classes as far back as 2000!I still keep it on my bookshelf and read occasionally.A must have for any developer or those who interact with developers in some way... ... Read more

Product Description

• Reflects the latest technology in the field to provide readers with the most up-to-date resource
• Presents examples that cover a broad spectrum of hardware and software systems, from personal computers to mainframes
• Places more emphasis on networking to address increased importance of the communications area
• Consolidates the coverage of buses into one chapter.
• Integrates numerous review questions at the end of each chapter to enhance the reader's understanding of the material

Customer Reviews (4)

Waste of money.... many pages with bunch of examples
This is book is a waste of money. There are hundreds of examples and no important information. You gonna have to go through many pages, until you reach something that it's really worth it.
Anyway, it's matter of choice, but I don't wanna read the author opinions. I want to learn stuff I don't know. The serious material in that book is 100 pages or less out of 700!

Computer Hardware systems software & networking
My order arrived timely. Not enough information to maker buyer aware of having some highlights in the book which would just be a good information.

GREAT
The book is very helpful.
The only complaint is that they do not have a keyword dictionary at the end of each chapter.

Good purchase!
Book seems like new condition so i was satisfied. However, shipping took way to long. I can understand 7-10 business days but 16 days seemed a little ridiculous. ... Read more

Product Description

Practical tutorial on how to actually do testing by presenting numerous "attacks" you can perform to test your software for bugs.

• Practical approach has little or no theory, but shows real ways effectively test software—accessible to beginners and seasoned testers.
• The author is well known and respected as an industry consultant and speaker.
• Uses market leading, and immediately identifiable, software applications as examples to show bugs and techniques.

James A. Whittaker is a well-known speaker and consultant, as well as seasoned professor. ... Read more

Customer Reviews (19)

Great book for tester!
This book runs away from theory and go right into practice. It can open up your view on how to test software. Great book. I recommend.

Fundamental approaches from the DP era
The book approaches testing from the perspective of computer science when it was commonly called data processing. This isn't the usual risk-based approach to testing most often seen today, but it has validity in the proper contexts.

Viewing applications using an input/data/computation/output model, the author discusses ways to test to help find faults. This is particularly useful in the context of desktop and workstation applications, but the examples given are largely limited to that context alone, and ignores the broader scope of today's often web-based software.

That caveat aside, it's an excellent guide to testing applications for those involved in standalone product testing, and would be very worthwhile reading for developers in that environment as well, especially as many of the common weaknesses ("bugs") could be avoided by preparing for the tests discussed.

For those involved in web-testing, while the underlying concepts apply, the specific examples and discussed techniques largely do not, and a fair amount of abstraction would be needed. In those circumstances, a differently focused book would be recommended. (Whittaker and Mike Andrew's 'How to Break Web Software' is a good one for that.)

Good for beginners about sums it up, yes...
I acquired this book as part of a training exercise from my current company.I figured since I used Amazon reviews largely to decide which books to purchase for that it would be good to leave some in return.

When I graduated college, I told myself I'd never again pick up a school book without good cause because they are largely terrible reads and can be very difficult outside of a school setting both because there's no professor and no drive.When I found out that "How to Break Software" was written by a college professor for his students I was skeptical.However, I found it to be a very good read.Professor Whittaker writes in a very easy to read style with the references to self and social aspects that I enjoy as well as incorporate in my own writing (despite what I was taught in college;)).His examples are simple and easy to understand I imagine for novice or veteran testers.

Unfortunately, this is where my use of the book and enjoyment of the book ended.I've been working in the QA/QC industry for about 7 years now.After the introduction, I found most of the chapters to be more of a synopsis of good practices than teaching me anything.This is fine for school kids who know little to nothing about testing or for people just getting into QA; however I did not find it particularly useful as a veteran which is contrary to the disclaimers in the introduction as well as the snips about the book on the covering.This feeling lasted until about the time they introduced the Canned HEAT and Holodeck applications which I found interesting and was excited to use.That is until I saw the examples they gave and I realized that if I used them in my current workplace I would be testing the web browsers and operating system more than I would be testing the application itself.That's a specific issue though and this is not to say the tools are not useful (they may even have some use in my workplace) however reading chapters about them and mostly them was annoying knowing this.

Ironically, the best part of the book in my opinion was the synopsis of what QA (QC) is and why it's difficult which was essentially the last thing I read (Appendix C).However, no part of the book beyond a brief mention in the intro/TOC told you to read this.Also ironically, one Chapter did warn you to read Appendix A and B before reading on and then proceeded to go over the material in those Appendices as if you did not even using the same examples, something I found frustrating as a reader.I got the feeling, he as a teacher expected his students NOT to read the Appendices and thus put the material in there anyway.I could be wrong though.

Another part of the irony about Appendix C is that it is, as disclaimed, an article taken mostly from an IEEE article.So, the part of the book I enjoyed the most wasn't even written by Professor Whittaker.

The fact this book is dated really shows in the examples as well which are for programs such as IE5 and Windows 2000.The flaws here may be able to be reproduced but most likely they have been fixed.I also found the exercises trite and did not execute any of them.

Anyway, in synopsis, I don't not recommend this book (yes, double negative), however, I think it has limited use for those who are moderate to experience QAers.I think it's a great read for anyone starting out and for them would become a great book to put on their shelf and say this is what guided me to become the QA/QC professional I am today.The tools seem valuable and I look forward to trying them out but their application is not for every professional environment.

PS: I didn't remember this until I was going to post the article but based upon other reviews I chose to purchase this book over "How to Break Web Software" and "How to Break Software Security".This may have been a mistake on my part.Perhaps I will check out those two in a future endeavor.I am not so turned away from Prof. Whittaker as to not consider that.

Perfect Preperation for an Interview
I read this book on a plane on my way to an interview for an internship as a software tester. (It was a long trip, so I probably spent about 6-7 hours reading it without getting distracted). I knew absolutely nothing about testing before this interview. I didn't have time to check out the Canned Heat software that comes with it, but I did read it from cover to cover. Despite feeling unqualified for this position, the information in the book was enough to carry me through the interview and I got offered the internship. I highly recommend this book for beginners who are looking for a fast way to learn the basics of testing.

most thorough and organized book for beginners
Thsi book was recommended by two people working at Microsoft. One was a Test Lead in IIS team and another a Test Manager with the Games for Windows team. I thought that being the case it would be worth giving it a shot. Here are some of my observations:

1) This book is fast paced.

2) Every point is made succinctly and not blabbered on, so it keeps your interest througout.

3) Provides lots of examples to help relate. Many are errors in MS Word 2000, which also makes it interesting to read.

4) Covered many distinct types of approaches, so is very thorough and organized. Different types of testing, types of attack within each type of testing, how/what/when details of the attack is all listed. Nothing left out.

5) Aimed towards newbies to testing, but is a good quick refresher resource for those who have been into testing for a little bit. ... Read more

Product Description
Since its early days as an information exchange tool limited to academe, researchers, and the military, the web has grown into a commerce engine that is now omnipresent in all facets of our lifes. More websites are created daily and more applications are developed to allow users to learn, research, and purchase online. As a result, web development is often rushed, which increases the risk of attacks from hackers. Furthermore, the need for secure applications has to be balanced with the need for usability, performance, and reliability. In this book, Whittaker and Andrews demonstrate how rigorous web testing can help prevent and prepare for such attacks. They point out that methodical testing must include identifying threats and attack vectors to establish and then implement the appropriate testing techniques, manual or automated. ... Read more

Customer Reviews (12)

How to break web software
Very nice book, He covers topics that i never even thought of.Highly recommended

Great advice for software developers
If your company has a web site, there are many people waiting to attack it and break into it.

In How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, authors Mike Andrews and James Whittaker detail the myriad Web software exploits that attackers will attempt to carry out. The tools and techniques that can be used to fight against them are also detailed.

The book also includes a companion CD that contains all of the source code referenced in the book in addition to a number of testing tools. The authors include software code from an insecure Web site, which helps the reader get a real-world feel for the topics involved.

The authors conclude with a look at the last 50 years of software defects, showing that developers are not learning from the mistakes.

The authors are of the opinion that software quality is no better today than it was decades ago. And in some cases, it is worse.

The book helps drive home the importance of having developers think about writing secure code and testing it for flaws. It is a recommended read for IT professionals.

Short on content with too much padding
I was disappointed in this book. The actual content was pretty thin, and not very well written. Chapter 1 is a complete waste of time, and actually spends pages explaining what client/server means, what the Web is, and other things that are patently obvious to the supposed audience for this material. I found myself turning to the front to see if this book was written in 1997! You then get nine fairly short chapters with instructions on how to hack a website, more or less; followed by 50 pages of useless padding in the appendices including: an unrelated article co-authored by Whittaker for the IEEE, a detailed list of all the bugs present in their "sample application," and then descriptions of their recommended tools, all of which can easily be found on the Web without paying $22 for this book.

As another reviewer mentioned, there are many typos and other problems like incorrect illustrations, making the reader wonder if Addison-Wesley even employs a copy editor. Furthermore, I felt this book was inaccurately named and described. It's really more about rudimentary hacking and protecting your web application against hackers than web quality or web testing. A beginning web developer might do well to read this as a primer on how to create sites and applications with basic security, but as an experienced tester it was of limited use to me.

Wow!
I've been programming for over 10 years and thought that I had encountered it all. Uh ya, I was wrong. I'm amazed that a person can work with something for so long and yet still miss simple things like URL jumping. This is a great 32,000 foot view of web security (not a how to hack book) and covers what you should know if you are a web developer. Even if you alredy "know it all" this is a great read and excellent reference for creating check lists on projects and threats they may be succeptable to.

Fast international delivery
It was a good experience to purchase from Amazon and getting them delivered in India at my door-step. Order reached me ontime and is in good condition.

Thanks,
Samta ... Read more

Product Description

Customer Reviews (17)

No so good
I'm disappointed after I received the book. I'm glad I just paid the used one price.

I think it will be helpful...
I have not read this book yet, but I feel like it would be really helpful for my job. As I have read, it looks like a very practical handbook to use every day in the projects life. I hope you find it just like me.

Practical Advice for PMs
This book gets five stars, because from the first time I picked it up, it helped solve a problem I had at work with a highly annoying colleague who constantly went over my head to report to higher management anytime she even suspected I or a member of my team might be doing something wrong or not the way she would do it. Resorting to outright lies and spreading office gossip was not below her. Asking her to stop, being nice to her or being angry with her did no good. By following some of the advice in this book I was able to start to turn things around within a single day.

That is the really great thing about this book, it provides practical advice from experience project managers not only about tools and methodology of managing projects that work, but also the pitfalls of office politics and how to successfully deal with them.

The methods and tools presented in this book are very good, and are what the authors have found works in their projects. You might find that some of this is not applicable to you if you work in an organisation that already has an established methodology, or if the client insists things are done a certain way. It certainly presents some new ideas and tools to try that might improve your current proccess.

Another great thing about this book is its simplicity. There are many techniques for everything from project estimation to software testing, some of which require a high level of expertise. The techniques presented here are ones that are simple and easy to implement.

It is always good to learn from other peoples success, and this book gives you an insight into how its authors successfully manage their own projects that is valuable to every project manager.

Excellent resource for technical project managers
I bumped into this book by way of "Head First PMP", also written by Stellman and Greene. Because I liked the PMP resource so much, I thought I should give this book a chance and I was not disappointed. Packed with useful information, case studies and examples, this book is a resource any technical project manager will want to have in their collection.
One bonus I did not count on was the companion website which includes downloadable templates, PPT slides and other electronic assets.

Highly recommended!

excellent purchase
This is a nice book, everything about it is so neat and nice. I am glad I purchased this book from Amazon. ... Read more

Product Description
Intended for a sophomore/junior level course in software engineering.

The ninth edition of Software Engineering presents a broad perspective of software engineering, focusing on the processes and techniques fundamental to the creation of reliable, software systems. Increased coverage of agile methods and software reuse, along with coverage of 'traditional' plan-driven software engineering, gives readers the most up-to-date view of the field currently available. Practical case studies, a full set of easy-to-access supplements, and extensive web resources make teaching the course easier than ever.

The book is now structured into four parts:

1: Introduction to Software Engineering
2: Dependability and Security
3: Advanced Software Engineering
4: Software Engineering Management ... Read more

Customer Reviews (1)

A valuable resource
Any book in its ninth edition has already proven its place to its audience - Sommerville's text has earned its reputation as a standard in the field. This book's twenty-six chapters cover four major topics: introductory material, dependability and security, advanced software techniques, and project management.The first section include basic life cycle phases of requirements, modeling, architecture, implementation, testing, and ongoing support, along with smattering of the social processes in which these activities take place.

Advanced topics, the third section, include modern topics such as aspect-oriented programming (AOP), component systems, and embedded applications. AOP seems to be moving in from the fringes of software development (Aspect-Oriented Programming with the e Verification Language gives lots of good reasons for that, despite being tangential to normal software). Still, object orientation dominates current practice by a wide margin and gets only minor mention, so I find the emphasis misplaced. Likewise, the embedded section under-represents the 99% of all processors that don't run Windows or Linux, i.e., the ones in your microwave, digital watch, CD player, car air bags, sewing machine and cell phone. Still, mentioning it at all puts this ahead of many comparable texts.

So does the second section, on dependability and security. As computers become more pervasive and take on more life-critical applications, these issues only grow in importance. As with other sections, however, topics that represent many people's entire careers get only 20 or 30 pages here. A book of this breadth necessarily sacrifices depth, however, so I can't complain too loudly. Likewise, the section on project management issues could be a book of its own, like Braude's Software Engineering: An Object-Oriented Perspective.

Real discussion of this book's content would take more space than I have here, and would soon get into matters that depend on specific applications or on personal opinion and experience. I found one pervasive weakness in this book, however, a weakness shared by every other software development and engineering text I've seen. Standards and regulatory requirements get only scant mention. In the real world, software design and implementation happens in a complex environment of interlocking standards that affect nearly every aspect of software design and implementation. I applaud Sommerville for mentioning Sorbanes-Oxley (despite the book's international audience). Still, the hundreds of applicable standards from the IEEE, ECMA, ISO, ITU, NIST, and dozens of other organizations warrant a chapter of their own. I look forward to seeing that chapter, in this book if not in some other.

- wiredweird


PS: I'm wrong a lot, but that cover photo could credibly be MIT's Stata center under construction. If so, in restrospect now that it's completed, that wouldn't be the most uplifting choice of engineering images. ... Read more

Product Description

Customer Reviews (17)

Book looks silly but is professionally on target
Notwithstanding the funny people and and fonts, the book provides much valuable information and advice on the development of serious IT applications.However I wish that it had more depth on how to develop Java classes.

Very good learning style
This book has a very good learning style. Good content. Helps to get you started in managing development time.

Great
The book was in the condition that it said and arrived on time. Great service.

Good for the new Team... but
I looked through this book online using Amazon and some of the pages looked of interest to me as I am working with some new teams who have not used Agile before and there were parts of this books (mainly around user stories) which got my attention.

I have been developing for 25 years and have been managing Agile teams over the last 4 years, recently using Scrum as the framework of choice. I was looking for some further material to expand my knowledge base and having read Head First Design Patterns (highly recommended) I thought this book would fit my needs.

For me, I was dissapointed. I read this book basically cover-to-cover in about 3 hours and there were aspects which made me think, on the whole there was nothing new in this book and the topics it did cover it did not go into any real depth. For me, not a good use of my money.

However, as a book to get my team and future teams who are new to Agile, Test First, Continuous Integration, Version Control, Unit Testing, User Stories, etc, this book is great and I do recommend it.

The Head First series of books take the reader on a simple journey. Nothing complex or where there is something complex they de-complex it and in some ways dumb it down to a reasonably low common-denominator. This means just about anyone can read this book and should understand the concepts and principles in it. I plan to provide this to some non-technical BA's who I work with and other than the section on Unit Testing know that they will be able to read this, digest it, and understand the principles and then hopefully use them within our organisation.

A Best Practice Book for Software Development
This book teach you best practices in today's software development industry. It should be a must read for any software development team member as well as project manager before the project kick off. ... Read more

Product Description

This award-winning book, substantially updated to reflect the latest developments in the field, introduces the concepts and best practices of software architecture--how a software system is structured and how that system's elements are meant to interact. Distinct from the details of implementation, algorithm, and data representation, an architecture holds the key to achieving system quality, is a reusable asset that can be applied to subsequent systems, and is crucial to a software organization's business strategy.

Drawing on their own extensive experience, the authors cover the essential technical topics for designing, specifying, and validating a system. They also emphasize the importance of the business context in which large systems are designed. Their aim is to present software architecture in a real-world setting, reflecting both the opportunities and constraints that companies encounter. To that end, case studies that describe successful architectures illustrate key points of both technical and organizational discussions.

Topics new to this edition include:

Customer Reviews (25)

Huh?
I was so taken aback by the comments on this volume that I could not resist a retort.First, SEI transformation methodologies are abstract by intent.They are not how-to methodologies or roadmaps for composing class structures, web sites, or a coding guideline standard.The ATAM is immensely valuable for collecting and rating architectural drivers from stakeholders using a very novel approach to tradeoffs.Also, OAR is designed as a guideline to harvesting and rehabilitating pre-existing system components not for a detailed analysis of a systems component code-base.Again, this is not a coding guide for those of us who are new to the architectural profession and are thinking in code-modelling terminology.Last, (but of greatest concern), is the use of SEI transformation methodologies for plotting logical and physical design.They are not intended to be used for this level of design work.(One might compare this to the misapplied notion of using BPMN to design a detailed network topology).Other than possibly CBAM, these are also not cost modelling methodologies. Comparing COCOMO II to CBAM is paramount to comparing an abacus to an accounting algorithm for future value.Sorry if I stepped on any toes...off the soapbox.

Good Foundation Book
This is a solid work on SEI's ADD methodology. The authors fully document the ADD methodology in terms of incorporating this into your practice. Clear text, diagrams, and illustrations depict how you bridge the gap between theory and practice.

If you're looking to use, or enhance, how to leverage your use architecture, I recommend this book. ADD is a method that values the business intent of the software, and constructs a method that delivers value to the customer.

There are some weak chapters, which prevent me from giving a 5-star rating. For example, Chapter 10 addresses reverse engineering an architecture. The focus was on a point exercise that is not useful in either theory or practice. Other case studies in the book (there are a few) were not helpful as they did not have the keys to turn the theory into practice. For example Chapter 16 addressed a J2EE/EJB study; however it was very high-level and omitted important details to be used in practice. However, the case study of an avionics system (Chapter 3) was good; it provided insight in how to apply theoretical concepts.

I recommend this book for those organizations looking for a solid value-add approach to improving your architectures both technically, and in customer value.

Heavy in 'Case Studies'marginal on usable content.
This text is chock full of "Case Studies" in Architectural design & development methods, but surpringinly sparse in specifics. The authors' take an approach that is almost entirely qualitative; I was hoping to see a more analytical set of methods for analysing architectures, butfound little.

Not suitable for web applications
This book is great to gain theoritical knowledge about software architecture, but it lacks practical insights. May be it's my specific problem, because I was trying to find a good book on architecture of web applications, which this book does not provide.

Learning from the ancient masters of building
What is arguably the best analogy to the creation of the large, modern software product is the construction of the great pyramids of Egypt: any error made in laying down the lower layers was magnified many times over when the additional layers were added. The placement of even a single component required the coordinate actions of many workers. Large detailed plans were necessary before the first block could be laid and while no precise deadline existed, there was a general one. Finally, despite their impressive size, the pyramids were built by applying simple components while following a well-understood pattern for integration.
Therefore, as so many people are now pointing out, software engineers can learn much from the masters of construction.
Architecture (architorture to students of the craft) is a very difficult area to master. The human mind processes information based on patterns, but much of that efficiency is based on experienced patterns, and abstractions rarely come easy even to the prepared mind. In this book, the authors do a great deal to assist "open minds" in preparing to understand and use architectural patterns.
To present their ideas, the authors coined the phrase, "Architecture Business Cycle" (ABC). This phrase is designed to describe the entire process, from the initial itch on the back of the brain, to the influence of the architecture of one product in succeeding generations of products. Only when the consequences to future generations of software are included can we truly say we are describing the complete software life cycle.
The approach used is a combination of explanation and case studies. Seven of the nineteen chapters are case studies that generally are well-done examples of the material. The core of the book, however, is the development of the steps in the construction of the ABC. The first step is the creation and analysis of a specific architecture. To perform the analysis, the authors put forward the Software Architecture Analysis Method (SAAM), a scenario-based method of evaluation. This technique is also one of the components of an architecture-review process.
After the architecture is developed, it is time to create an equivalent system based on the design. To do that, a symbolic notation is needed. While there is some time spent on Architecture Description Languages (ADLs), this is one topic that should have been expanded. Without a common language that has a high degree of precision, there is a great deal of room for potential error. The analogy or metaphor that clarifies a concept for one person makes it less comprehensible for others. An example of an ADL is presented, but seven pages containing diagrams is not enough to do more than spark interest or confusion.
The final area concerns the reuse of components and architecture. Two chapters are devoted to this topic, one on reuse within an organization and the other on reuse within the community. Within an organization, the emphasis is on the other software product line-a series of products in both parallel and sequential development. Creating a "reasonable" match to a consumer's requirements in the software development equivalent of real time is achievable only if there is an extensive stock of well-designed components that work and play well with each other. The only way to achieve this is to make such behavior part of the fundamental design. In the modern era of global competition, exposing your architectural designs to the world might seem to be a poor business practice. However in many areas this is not the case.
Software developers can learn a great deal from the construction engineers of the ancient world. When planning a complex structure, the medieval architect commonly attacked the problem from a multigenerational perspective. Knowing the project would not be completed for decades, the initial architectural plans included the passing of the necessary legacy knowledge down to the later generations of planners and builders. Only then could there be a guarantee of completion and long-term viability. The ABC as put forward in this book is one way the computer industry can approach problems from the same perspective.

Published in Journal of Object-Oriented Programming, posted with permission.
... Read more

Product Description
What do flashlights, the British invasion, black cats, and seesaws have to do with computers? In CODE, they show us the ingenious ways we manipulate language and invent new ways to communicate with each other. And through CODE, we see how this ingenuity-and our very human compulsion to communicate-have driven the technological innovations of the past two centuries. Now in paperback edition, this critically praised book weaves an inventive and eminently comprehensible narrative for anyone who's ever wondered about the secret inner life of computers and other smart machines. The work of legendary computer book author Charles Petzold has influenced an entire generation of programmers. And with CODE, Microsoft Press is proud to share this gifted teacher and communicator with every reader interested in understanding today's world of PCs, digital media, and the Internet.Amazon.com Review
Charles Petzold's latest book, Code: The Hidden Language ofComputer Hardware and Software, crosses over into general-interestnonfiction from his usual programming genre. It's a carefully written,carefully researched gem that will appeal to anyone who wants tounderstand computer technology at its essence. Readers learn aboutnumber systems (decimal, octal, binary, and all that) throughPetzold's patient (and frequently entertaining) prose and thendiscover the logical systems that are used to process them. There'sloads of historical information too. From Louis Braille's developmentof his eponymous raised-dot code to Intel Corporation's release of itsearly microprocessors, Petzold presents stories of people trying tocommunicate with (and by means of) mechanical and electricaldevices. It's a fascinating progression of technologies, and Petzoldpresents a clear statement of how they fit together.

The realvalue of Code is in its explanation of technologies that havebeen obscured for years behind fancy user interfaces and programmingenvironments, which, in the name of rapid application development,insulate the programmer from the machine. In a section on machinelanguage, Petzold dissects the instruction sets of the genre-definingIntel 8080 and Motorola 6800 processors. He walks the reader throughthe process of performing various operations with each chip,explaining which opcodes poke which values into which registers alongthe way. Petzold knows that the hidden language of computers exhibitsreal beauty. In Code, he helps readers appreciateit. --David Wall

Topics covered: Mechanical andelectrical representations of words and numbers, number systems, logicgates, performing mathematical operations with logic gates,microprocessors, machine code, memory and programming languages. ... Read more

Customer Reviews (83)

Excellent
Excellent reading for any seminar intro to CS. It could be outside reading. It is enjoyable.

Now (I think) I know how a computer works
Wow.Before I read this book, I already knew about logic gates, but I did not know (1) how electric and electonic devices can in the real world perform the function of logic gates and (2) how by arranging logic gates wisely one can perform addition and subtraction and (3) more complicated mathematical operations can be performed by doing "a lot of" additions and subtractions.Now I (kind of) know.

All these are gratifying.

Starting from Chapter 17, however, the speed and depth of the book changes gear quite a bit (at least to me).From that chapter onward, it is about the relatively detailed working of a modern computer - e.g. how integrated circuits (chips) work, what microprocessors are, etc.In Chapter 18, for instance, the author answered the question in the preface: "why can't you run Macintosh programs under Windows?".It is quite rewarding to understand why.

Different readers will have different views towards this book.By profession I am a physician and have no experience in serious computing, so I myself find Chapters 21 and 22 particularly difficult.But overall I think I have learned a lot from this book.Five stars.

Good stuff is towards the end
When I first got this book it was required reading for an entry level computer science course, we learned everything that this book talks about but I didn't quite get "why" we were being taught all these things. I made it about half-way through the book and felt it was pretty silly and boring. It was talking about logic gates and using them to buy a cat from the pet store, neutered, female, gray, and all this other stuff that in my mind had nothing to do with computers.

It wasn't until about a year later I picked up this book again and began reading more and more computer science and programming related books. Once I started reading this again I wanted to find out what happens towards the end. And realize why I was taught different number systems and logic gates back in that entry level course. It wasn't until about chapter 17 where I realized what all of it had been leading up to and it was pretty awesome. The following chapters were quite interesting but I felt too short. It felt like all the good stuff was in the last 100 pages or so.

I think Petzold wrote this book so that anyone could understand code and how computers work. So if you're already a computer science person the early stuff might seem a bit boring and repetitive, but once you get to the end it will all make sense. I'm glad I did go back and read it again, because the first time through I never got that far. I think it was mainly because I was focused on passing all my classes and this book was more of an extension of the class and not a requirement to read it. I'd recommend this book to anyone vaguely interested in how computers work, or anyone in the computer science or programming fields. It's really useful to understand exactly what's going on when you are programming. And this book essentially explains how you could build your own computer and know exactly how it works.

Very descriptive as to the inner-workings of a computer
I recall the book being split into three parts:

The first third of this book is a crash-course in various "codes" used for communicating -- Morse code, Braille, and eventually Binary/Octal/Decimal/Hexadecimal.The author simply explains how to communicate messages using only 2 signals (on/off).This

The second third of the book delves into the history of computing, automated machinery, using electrical signals to convey messages (starting with the telegraph), and eventually working up to "Switches" -- the basic building block of a computers.From there, the author explains, very slowly and clearly, how to build a rudimentary computer.Even if you are not interested in the logical diagrams of circuits, you could easily skip past these sections and still find a wealth of information in the book.

In the third part of the book, after building our basic computer, the author goes into Processors: when they were popular and mass-produced, how people programmed with them, what each chip does, etc.The author explains how newer computers had different processors, and how the x86 chip is still commonly used in PCs today. The author also explains how advances in technology are trending.

The book is a little dated -- my edition was only current up to the year 2000.However, not much has changed in how a computer is made and powers itself on since 2000.This is a must-read for anyone interested in being a programmer or computer electrical engineer. It's also vital for anyone who really wants to know how a computer works.

I think it was written with Love
I wanted to write a review for this book for the past few weeks, but held off until I finished reading it completely, in case there was some disappointment at the end. Thankfully that is not the case - the book is excellent from start to finish.

You can see the amount of love and care that the author has put into this work. From the easy to read font, thought-out diagram and image layouts that never make you flip-back the pages - to the excellent teaching-like style with which the author gradually tackles the topic. It is amazing. I found myself holding off reading too much of the book at once, because I wanted to prolong the pleasure!

I recommend this book to anyone. The first seven or eight chapters should be accessible to anyone, regardless of their technical background, and are alone worth the price of the book. This book should be enjoyed from start to finish, just like a novel. Unlike a novel this book not only provides the reader with the pleasing reading experience, but also with some very useful lessons and fundamentals.

I like the author's approach so much that I have purchased his next book "The Annotated Turing". I will post my impressions of that when I am done. ... Read more

Product Description

This is the Mobipocket version of the print book.

"When it comes to software security, the devil is in the details. This book tackles the details."
--Bruce Schneier, CTO and founder, Counterpane, and author of Beyond Fear and Secrets and Lies

"McGraw's book shows you how to make the 'culture of security' part of your development lifecycle."
--Howard A. Schmidt, Former White House Cyber Security Advisor

"McGraw is leading the charge in software security. His advice is as straightforward as it is actionable. If your business relies on software (and whose doesn't), buy this book and post it up on the lunchroom wall."
--Avi Rubin, Director of the NSF ACCURATE Center; Professor, Johns Hopkins University; and coauthor of Firewalls and Internet Security

Beginning where the best-selling book Building Secure Software left off, Software Security teaches you how to put software security into practice.The software security best practices, or touchpoints, described in this book have their basis in good software engineering and involve explicitly pondering security throughout the software development lifecycle. This means knowing and understanding common risks (including implementation bugsand architectural flaws), designing for security, and subjecting all software artifacts to thorough, objective risk analyses and testing.

Software Security is about putting the touchpoints to work for you. Because you can apply these touchpoints to the software artifacts you already produce as you develop software, you can adopt this book's methods without radically changing the way you work. Inside you'll find detailed explanations of

• Risk management frameworks and processes
• Code review using static analysis tools
• Architectural risk analysis
• Penetration testing
• Security testing
• Abuse case development

In addition to the touchpoints, Software Security covers knowledge management, training and awareness, and enterprise-level software security programs.

Now that the world agrees that software security is central to computer security, it is time to put philosophy into practice. Create your own secure development lifecycle by enhancing your existing software development lifecycle with the touchpoints described in this book. Let this expert author show you how to build more secure software by building security in.

Customer Reviews (19)

High-level security concepts book.
Excellent high-lvel book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well.

Few things where this book falls short "Ignorant" to emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA.I am sure, the author will agree on those gaps hopefully we see in the next edition of this book.

The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.

The best secure development lifecycle book
Software Security is the best book for learning to integrate security throughout your software development lifecycle.It contains all the security material that is missing from software engineering books.The author understands that your software development lifecycle is different from his, and so focuses on seven touchpoints that can be introduced into any software development lifecycle, instead of attempting to sell you a new lifecycle.He also understands that no matter how important security is to you, you can't change everything about you develop software tomorrow, so he introduces the touchpoints in order of effectiveness based on his extensive consulting experience, starting with tool-assisted code reviews and architectural risk analysis.

If you're a software developer, Software Security is an essential book to have on your shelf, and you'll also want a secure programming book like Secure Programming with Static Analysis (Addison-Wesley Software Security Series) or the author's own Building Secure Software: How to Avoid Security Problems the Right Way.

Good book for secure software coding !
A required reading for anyone involved with software development and implementation. This book drills-down to security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The concepts illustrated on secure coding, white box and black box testing are excellent. As a developer/architect, I thoroughly enjoyed this book and I suggest to everyone who wants to get started on secure coding and testing practices.

Couple of things I QUIBBLE with are... the book does'nt realize the emerging issues and how-to's for build/refactor security for distributed application proliferation as your it - Portals, Web Services and SOA. The way we develop software is changing, the applications are becoming more pervasive and no-longer contained standalone to a system which makes the built-in security brittle impeding the agile business requirements for application/process orchestration, b2b federation and Web based application mashups. I am sure, the author will realize those gaps in the next edition of this book.

Havingsaid - This book is still a must-read for the budding security developer who wants to focus on secure programming and testing.

What is MISSING - You will not find answers for how you do secure web-centric applications, XML Web services - message-level security, identity federation and other b2b application complexities.

Required residing for all software developers
The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code.

Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security series, whose previous titles include Building Secure Software and Exploiting Software.

In past decades, writing secure code was left to the military and banking industry. Today, with everything on networks, all sectors must get into the act.

Much of the problem is that organizations target their security elsewhere--specifically on networks--rather than on software. But so many malicious attacks are directed at software that it is foolish to leave this vulnerability exposed.

McGraw goes into detail not only about writing secure code but also about key related areas, which he terms "the seven touchpoints of software security."

These points comprise code review, architectural risk analysis, penetration testing, risk-based security tests, abuse cases, security requirements, and security operations. A major portion of the book effectively discusses these "touchpoints," making the work a recommended tool for inculcating software developers with a security mind-set.

A powerful book with deep truths for secure development
I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al.Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation.My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis.The other five are still noteworthy books.All six will contribute to the production of more security software.

Gary McGraw's book gets my vote as the best of the six because it made the biggest impact on the way I look at the software security problem.First, Gary emphasizes the differences between bugs (coding errors) and flaws (deeper architectural problems).He shows that automated code inspection tools can be applied more or less successfully to the first problem set, but human investigation is required to address the second.Gary applauds the diversity of backgrounds found in today's security professionals, but wonders what will happen when this rag-tag bunch (myself included) is eventually replaced by "formally" trained college security graduates.

Second, Gary explains that although tools cannot replace a flaw-finding human, they can assist programmers trying to avoid writing bugs.Gary is the only author I encountered who acknowledged that it is unrealistic to expect a programmer to keep dozens or hundreds of sound coding practices and historical vulnerabilities in his head while writing software.An automated tool is a powerful way to apply secure coding lessons in a repeatable and measurable manner.Gary also reframed the way I look at software penetration testing, by showing in ch 6 that they are best used to discover environmental and configuration problems of software in production.

Third, Gary is not afraid to point out the problems with other interpretations of the software security problem.I almost fell out of my chair when I read his critique on pp 140-7 and p 213 of Microsoft's improper use of terms like "threat" in their so-called "threat model."Gary is absolutely right to say Microsoft is performing "risk analysis," not "threat analysis."(I laughed when I read him describe Microsoft's "Threat Modeling" as "[t]he unfortunately titled book" on p 310.)I examine this issue deeper in my reviews of Microsoft's books.Gary is also correct when he states on p 153 that "security is more like insurance than it is some kind of investment."I bookmarked the section (pp 292, 296-7) where Gary explained how the "19 Deadly Sins of Software Security" mix "specific types of errors and vulnerability classes and talk about them all at the same level of abstraction."He's also right that the OWASP Top Ten suffers the same problem. Finally, Gary understands the relationships between operators and developers and the importance of security vocabulary.

I was pleasantly surprised by "Software Security".I reviewed an early draft for Addison-Wesley and wondered where the author was taking this book.It ended up being my favorite software security book, easily complementing Gary's earlier book "Building Secure Software."In my opinion, Gary is thinking properly about all the fundamental issues that matter.This book should be distributed to all Microsoft developers to help them frame the software security problem properly. ... Read more

Product Description
The Software Requirements Memory Jogger is an easy-to-use guide for developing and managing precise software requirements. The Software Requirements Memory Jogger provides every member of your project team with the tools and techniques to foster communication between business and technical teams on the necessary requirements for producing successful software. The Software Requirements Memory Jogger will benefit all stakeholders at any organizational level involved in software development projects management team, practitioners, QA/QC personnel. - Explore practical steps, tips, and examples to help you develop and manage requirements- Follow the User Requirements Roadmap a toolkit of techniques for discovering and analyzing user requirements- Streamline communications between all requirements stakeholders- Learn how to write clear, concise requirements documents ... Read more

Customer Reviews (27)

A Well Worn Favorite
Ever since I first stumbled across this little gem five or six years ago it has become a permanent fixture on my desk or else in my laptop case if I'm on the road. Consider it the Cliff notes of requirements definition. If you already know something about the topic it's a great quick reference and refresher. If you don't know much, but you get thrown into the fire and have a little apptitude this is a pretty good place to start.

My company recently assembled a team to do business analysis on a large and painful ERP implementation. While most of the team members had expertise in the business processes and IT in general, very few of them had any specific training or experience in business requirements definition. Team members from around the world were already on the plane on the way to the U.S. for a project kick off and I was asked to just "throw together some templates" to help them get started. Aaaack! It didn't take much to persuade the project leadsthat they needed some training to go with the templates. Me and my big mouth! They wanted me to do the training. Please, make business analysts out of these folks in the course of two days?

No problem.

Knowing something about their business problem and having a file full of presentations and impromptu trainings from over the years I was able to hack something together that emphasized the requirements models that will be most important to them. But then what? The jogger to the rescue. We ordered up a box full of them from Amazon on a Friday, had them in the office on Monday, and started using them on Tuesday. I started out by having them copy my color-coded bookmarks (especially pages 15-16, 19, and 114 ) and periodically answered questions by saying, "Well, let's see what Ellen says." By the end of the week Ellen was an old friend. The next week I dropped in on their requirements planning activities and all of them had their joggers out on the table. This week the entire team is on the road to Singapore and guess what was on the packing list? You guessed it . . . The Jogger.

Most useful requirements book I own
Our local IIBA chapter was giving this book out for a door prize a few years ago, when I was just starting my BA career. I had the opportunity to peruse it at the meeting and ordered it the next day. Since then, I have acquired an impressive library of requirements-related books, but this is the single most useful and USED resource I own.

The title almost diminishes how detailed and helpful the book is. Yes - it is petite (there is a larger version now available), but it is loaded with detailed information.

The techniques and templates provided are of particular help when I am starting a project in an unfamiliar area of the system. The book helps get my creative ideas flowing and gives me ideas of different ways to approach a problem.

I highly and enthusiastically recommend this book.

It's really a full text in microscopic print
Another reviewer said this:

"What "Memory Jogger" delivered was a good basic text on the requirements process presented in a virtually unusable format."

Amen to that.This thing is not portable as the moiker 'memory jogger' implies; and because rthe print is so small, it's very difficult to use at your desk.

What's more, I bought mine from Amazon, and they've cleverly (read intentionally and deceivingly) excluded themselves from receiving seller feedback.When I bought my copy, there were no dimensions provided for the book.This meant there was no way for me to determine that it wasn't a reasonably sized, pamphlet-style book.

I didn't want to return it (it has useful information), but until I remembered to do this review, I had no way to complain about how misleading the portrayal of this book is.

Great reference!
I find my copy of the Software Req Memory Jogger absolutely invaluable, it's effectively a complete software requirements course in a little book! I use it all the time and it has helped considerably when needing focus and/or guidance on my tasks.

GR8 little reference guide!
For a non-IT person, this little book is a GR8 quick reference guide, just to be able to grasp the 'techno-speak' of IT 'geeks'. With a strong Human Resources background, I have recently moved into a Change Management role on ERP projects, and this book demystifies the TLA's (three letter acronyms) thrown around by IT boffins. Terminology is explained very well, as well as making reference on what a spesific term may mean in a different project/organisational environment (which you will find even amongst HR practitioners in a dialogue on the HR discipline, or 'domain', as the guide also explains). A steal for the price, I have purchased books at three times the price with three times less 'substance'.

It really does not fit into a normal shirt pocket as another reviewer has pointed out, but in Winter, fits snugly in the inside pocket of a Jeep jacket, and does not take up much space in a laptop bag. I don't let this little book lying around at work, it may just disappear... ... Read more

Product Description
Pattern-oriented software architecture is a new approach to software development. This book represents the progression and evolution of the pattern approach into a system of patterns capable of describing and documenting large-scale applications. A pattern system provides, on one level, a pool of proven solutions to many recurring design problems. On another it shows how to combine individual patterns into heterogeneous structures and as such it can be used to facilitate a constructive development of software systems. Uniquely, the patterns that are presented in this book span several levels of abstraction, from high-level architectural patterns and medium-level design patterns to low-level idioms. The intention of, and motivation for, this book is to support both novices and experts in software development. Novices will gain from the experience inherent in pattern descriptions and experts will hopefully make use of, add to, extend and modify patterns to tailor them to their own needs. None of the pattern descriptions are cast in stone and, just as they are borne from experience, it is expected that further use will feed in and refine individual patterns and produce an evolving system of patterns.Amazon.com Review
Pattern-Oriented Software Architecture: A System ofPatterns looks at how patterns occur on three different levels--insoftware architecture, in everyday design, and in idioms (whichdescribe how a particular design pattern is implemented in aprogramming language like C++). This synthetic approach is a littletheoretical at times, but the authors also present over a dozenpatterns and provide real-world examples wherever possible.

For architectural patterns, the authors look at the Layers pattern,used in operating systems such as Windows NT and virtualmachines. They also consider Pipes and Filters, which process streamsof data. (This pattern, the authors point out, is a lynchpin of Unix.)Their Blackboard pattern shows how a complex problem, such as image orspeech recognition can be broken up into smaller, specializedsubsystems that work together to solve a problem. (For recognizingwords from a raw waveform input, a Blackboard approach might haveseparate processes to find phonemes, then words, then sentences.)

This book also looks at today's distributed systems in considering theBroker pattern, which is used on the Internet and in Microsoft's OLEtechnology.This section also presents several powerful patterns forbuilding effective graphical user interfaces, such asModel-View-Controller.

The authors define several well-known design patterns, such as theProxy and Command patterns, and also basic, far-reaching patterns,such as Whole-Part and Master-Slave, which are widely used throughoutcomputing. Their survey ends with a discussion on the way objects cancommunicate (using such patterns as Forwarder-Receiver,Client-Dispatcher-Server, and Publisher-Subscriber), which manydevelopers will recognize as familiar patterns, but are codified hereas "official" patterns. The book then discusses some idiomsin C++ and a more far-reaching role for patterns in software designand architecture.By fitting patterns into traditional softwareengineering practices, the authors of Pattern-Oriented SoftwareArchitecture successfully argue that the role for patterns willonly continue to diversify and enrich tomorrow's software engineeringtools and methodologies. --Richard Dragan ... Read more

Customer Reviews (16)

Too expensive
$70 for a stream of bytes? Even for a hardcover technical book, that's a tough sell.

Amazing book
This book uses an easy way to explain system patterns. I think every software developer has to read this book; it's a nice reference to help software architects doing a well-done job. Another great reference that you may have in your list of references is the classical book "Design Pattern", also at Amazon.com.

The second best pattern book
Second best isn't bad when the #1 book changed forever the way software architecture is talked about.GoF is not only well-written, but it covers all the basic, most-used patterns.Everybody thereafter is going to have to either re-hash GoF, criticize it, or come up with new patterns which are not as fundamental.

This book is full of new patterns, and fortunately they are good ones: Command, Broker, Layers and worth the price of the book in itself Presentation-Abstraction-Controller.

PAC can be seen as a generalization and extension of Model/View/Controller.The Abstraction is the domain-specific part of the architecture, effectively the Model.The Presentation exposes the Model in some interesting way, either as a user-interface in which case it is a View, or as an API, in which case the Presentation becomes a new Abstraction used by the next level up.The Controller is left with the job of coordinating the Presentation and the Model.The key to the pattern is that PAC agents can be built up into layers with the Presentation API of each lower agent creating a higher abstraction for the next level.Thus PAC becomes MVC for all or your architecture, not just the UI.

The book goes into this at length and adds useful discussion of MVC.Highly recommended.

Not concrete enough
First of all, you need to understand the patterns in the gang of four book before you attempt to read this one.They talk about them all over the place without explaining them.That's a warning, it didn't affect my review.

The major thing I don't like about this book is the abstractness with which they talk.They give you a high level description of a pattern and leave you with that fogginess.

I think the examples were poorly chosen.I would have prefered to have examples that are only as complicated as they needed to be.Unfortunately the book uses examples like, "We're going to make a voice recognition application" or "We're going to make an OS that can run applications that were built on Unix or WinNT or Linux".I think the intent was to have some real-world-I've-been-working-for-six-years examples... it would have been smarter to put the real world examples in a separate chapter and keep the design pattern explanations simple.

Also, I hate the diagrams.They should have just copied the diagrams in the GoF book!Instead they chose these diagrams that give less info and IMO are downright ambiguous in some situations.Another thing the GoF book does is have 2 separate diagrams, one that's a (simple) real world example and another that's a diagram of the actual pattern.This book only has the diagram of the actual pattern.

I disagree with those that say this book is better than the GoF book.I think what they like is the material covered.Material aside, the GoF book presents the information in a much clearer way.That's why I prefer the GoF book over this one.

Clear and wide-ranging
This is an unusual book in the pattern genre. It presents a number of patterns, categorized by archtiectural level. That's just the first part of the book, though. The third of the book is about the process of using, relating, collecting, and distributing patterns.

Only chapter 2 really addresses patterns for the strategic, architectural level of a software system. It does a very adequate job, using a variety of notations, examples, and analysis steps. This book is from 1996, so time has changed our view of some patterns. "Reflection," for example, has become pervasive in applications based on plugins and software components. It is also a fundamental API in the major langauges (Java and C#) released since this book was published - perhaps reflection should be downgraded to an "idiom". That's just nitpicking, though, since reflection is even more important now than when the book was written.

For contrast, the authors present additional design patterns (including some from Gamma's book) for use at tactical design levels. They also discuss idioms patterns that typically involve just a few lines of code within on function. The contrast between the three different levels of implementation and design gives a useful discussion. The authors also present a weak chapter on "systems" or "langauges" of patterns The discussion is OK as far as it goes. The weakness is in what it omits. After reading this brief chapter, the programmer has very little practical information about choosing patterns from some library for some task. The poor programmer has no information at all about how to link patterns together, and that's a real stumbling block for beginning pattern users.

The final section of the book is really sociology. It's about the pattern community, what that community is for, and how to be a working member. I find the discussion un-helpful, but I expect opinions to differ.

Even today, this is a good second book (after Gamma's 'Design Patterns') on patterns and pattern usage. It lack the depth and precision of Gamma's book, and tends to add words without adding meaning. On the positive side, it's broader than Gamma's, and addresses a wider range of implementation levels. ... Read more

Product Description

"What makes this book so important is that it reflects the experiences of two of the industry's most experienced hands at getting real-world engineers to understand just what they're being asked for when they're asked to write secure code. The book reflects Michael Howard's and David LeBlanc's experience in the trenches working with developers years after code was long since shipped, informing them of problems." --From the Foreword by Dan Kaminsky, Director of Penetration Testing, IOActive

Eradicate the Most Notorious Insecure Designs and Coding Vulnerabilities

Fully updated to cover the latest security issues, 24 Deadly Sins of Software Security reveals the most common design and coding errors and explains how to fix each one-or better yet, avoid them from the start. Michael Howard and David LeBlanc, who teach Microsoft employees and the world how to secure code, have partnered again with John Viega, who uncovered the original 19 deadly programming sins. They have completely revised the book to address the most recent vulnerabilities and have added five brand-new sins. This practical guide covers all platforms, languages, and types of applications. Eliminate these security flaws from your code:

• SQL injection
• Web server- and client-related vulnerabilities
• Use of magic URLs, predictable cookies, and hidden form fields
• Buffer overruns
• Format string problems
• Integer overflows
• C++ catastrophes
• Insecure exception handling
• Command injection
• Failure to handle errors
• Information leakage
• Race conditions
• Poor usability
• Not updating easily
• Executing code with too much privilege
• Failure to protect stored data
• Insecure mobile code
• Use of weak password-based systems
• Weak random numbers
• Using cryptography incorrectly
• Failing to protect network traffic
• Improper use of PKI
• Trusting network name resolution

Customer Reviews (2)

24 Deadly Sins of Software Security
24 Deadly Sins carries on in the great tradition of the original 19 Deadly Sins but has expanded to cover problems that have developed since then as well as added coverage for more programing languages. It serves as a great introduction to the most common problems in software development that lead to security issues without getting bogged down in the weeds on any of them. It does not go into a great deal of detail so if that is what you are looking for this isn't the book you want but it does do what it sets out to do.

The organization of the book lends itself to a straight read through and as a jump around reference to cover the problems you need to look at when you need to look at them. Most chapters stand alone quite well and most references to other chapters are about closely related sins. It describes the basics of the problem, goes into more detail and helps you try to spot the problem in various languages. It covers some of the ways you can avoid the problems and provides additional remediation if available.

The book lends itself to being a decent text book on software security problems and its basic structure is not a bad approach to an introduction to the topic. I've been teaching an introduction to secure development class for a couple of years that was mostly based on the original book and I'm finishing updating that to the new 24 Deadly Sins breakdown.

Basic Computer Security Reminders are Helpful
This book has basic computer security programmer "reminders". The best part is the reference sections for up to date information: [...] common vulnerabilities and exposures. I suppose we could just go there and not buy this book. But in general, reading of the book and then periodic re-reading, thus refreshing one's programming brain is useful. That is the value of this book - reminders. The explanation of the sin includes a description of real experiences, is at times funny and enjoyable to read. But, there is a lack of actual code (sparse at best) and no CD at all - unfortunately. The "sin" theme is over done and gets annoying. The organization is good and includes Unix, Linux and Mac OS-X which are the platforms I usually deal with. Windows is there, but I have "given up" trying to secure MS Windows (it's futile IMO). Cross platform languages and webs apps are all covered. I deal mostly with crypto and random number generation. There are several chapters that organized my thinking on those subjects.There are 393 pages not as Amazon states 432. Why do they get that wrong so much of the time? . . . To justify the price? Oh well, there goes another $30+ - at least we get a discount. ... Read more

Product Description

Written by a software developer for software developers, this book is a unique collection of the latest software development methods. The author includes OOD, UML, Design Patterns, Agile and XP methods with a detailed description of a complete software design for reusable programs in C++ and Java. Using a practical, problem-solving approach, it shows how to develop an object-oriented application—from the early stages of analysis, through the low-level design and into the implementation. Walks readers through the designer's thoughts — showing the errors, blind alleys, and creative insights that occur throughout the software design process. The book covers: Statics and Dynamics; Principles of Class Design; Complexity Management; Principles of Package Design; Analysis and Design; Patterns and Paradigm Crossings. Explains the principles of OOD, one by one, and then demonstrates them with numerous examples, completely worked-through designs, and case studies. Covers traps, pitfalls, and work arounds in the application of C++ and OOD and then shows how Agile methods can be used. Discusses the methods for designing and developing big software in detail. Features a three-chapter, in-depth, single case study of a building security system. For Software Engineers, Programmers, and Analysts who want to understand how to design object oriented software with state of the art methods.

Customer Reviews (34)

What every software engineer should read
This has to be one of the most practical books I have ever read on the practices of software programming. It gives realistic business situations and gives step by step instructions how to deal with them. Very practical and useful.

An excellent introduction by examples
This is an excellent introduction to the Agile Software Development concept for anyone who learns best from examples. Mr. Martin's book is essentially a collection of introductory concepts and principles he has spoken or written about elsewhere.Much of it may be available on the web with some searching but here it is organized logically into 3 major approaches to learning: concepts, principles, and case studies.In the first chapters Mr. Martin takes us on a high flyover of Agile Software concepts such as extreme programming and test-driven development practices.Next he takes us through Java and C++ examples to demonstrate programming with key principles in mind such as "The Single-Responsibility Principle" and "The Interface-Segregation Principle." Finally he sums up the concepts and principles by examples using several real world case studies.

Mr. Martin is a master at this sort of approach to teaching software design.Those familiar with his work will immediately recognize his hand.Some (perhaps most) learn well from this approach and the organization of the book lends itself well to a classroom study or self-directed learning. This is an excellent introduction to an important and timely topic.

Are you part of the problem or are you part of the solution in the disaster that is software development?
Reader,

This book addresses some of the key reasons software continues to fail. It firmly ends the discussion that was never relevant of 'Agile means you do not have to REALLY known OO design'.

Indeed to be 'Agile' and not create iteratively 'crap', the only real way is via your mastery of OO Design. Long term systems that withstand change do not happen via accidential discovery with a lack of vision and core design at the core.

You can work in software with a lot of gaps, but the content here defines what is mandatory for even moderate levels of interesting work.

Do you agree in the following as a common value of `good' for software?

FROM: http://articles.techrepublic.com.com/5100-10878_11-1050347.html

Good design

Well-designed applications offer software components that are more robust, more maintainable, and more reusable. Such applications should be able to adapt changing business needs without affecting design. For example, a banking application should be able to support new types of accounts without a change in the existing design.

Three key points of good design are:

Maintainability, which is the ease with which a software system or component can be modified to adapt to changing environments, improve performance, correct faults, or other attributes. Well-designed applications require fewer resources for maintenance and changes.

Reusability, which is the degree to which a software module or components can be used in more than one computing program or software system. Reusability of software components helps ensure faster development of software applications.

Robustness, which is the stability of software applications in extreme situations (e.g., maximum load conditions, erroneous user inputs). Robust applications have less downtime and can reduce maintenance costs.

Bad design
Nobody plans to create ill-designed applications. It often happens because of a lack of experience or because the app was designed quickly to meet an extremely tight deadline. Poorly designed applications usually have these problems in common:

They're rigid. A design is rigid if it cannot be easily changed. For example, a single change to heavily interdependent, rigid software could begin a cascade of changes in dependent packages. When such a program grows in size, the designers or maintainers cannot predict the extent of that cascade of change, and the impact of the change cannot be estimated. This makes the cost of the change impossible to estimate.
They're fragile. Poorly created programs have a tendency to break in many places when a single change is made. Simple changes to one part of the application can lead to failures in other parts that appear to be completely unrelated. Fixing those problems leads to even more issues, and the maintenance process begins to resemble a dog chasing its tail. Such fragility greatly decreases the credibility of the design and maintenance organization, which leaves users and managers unable to predict the future quality of the product.


They're not reusable. A design is difficult to reuse when its desirable parts are highly dependent upon other details, which aren't desired. If the design is highly interdependent, other designers will also be daunted by the amount of work necessary to separate the desirable portion of the design from the parts that aren't reusable. In most such cases, the cost of the separation is deemed to be higher than the cost of redevelopment of the design.

Still with me? Ok..


.NET developers historically have lacked (as compared to other OFA (one framework only) developers) at the very, very least) acceptable OO Design skills. I mean even remotely `predictably' acceptable. Sure I worked with many teams who were exceptions but they were all from other (Java/Smalltalk) environments. Even C++ developers can slant to a master of C, deep internals, and Fragile Base Class disaster (grin). So Microsoft would have been nuts as they have always know this to put multiple-inheritance into C#. I digress... This is relevant to the book I swear....

Uncle Bob Martin created a masterpiece here that is still just as (more?) relevant. It is utterly transformative for anyone who wants to be even remotely productive on a team of best-practice types.

FYI this is the book used when I teach 'Core Object Oriented Design for the C# Developer' around the country.

NOTE: Do not let the word 'Agile' fool you. This is a book about best practices in software design and development. Agile just assumes you already know this material, yet most I work with do not.

He provides definitive coverage of the most critical reasons for failure if you skip then. For example, inheritance in OO is wrong for most cases used today in .NET.

Liskov substitution principle
Read this (covered in detail in this book):


Kind Regards,
Damon Wilder Carr
http://blog.domaindotnet.com

It's a great book
It's a great book. As a senior developer with more than 5 year's experieces of Object-Oriented Design, I think this is a valuable pragmatic book about how to do in a practical project.

Good book
I bought this for my brother.Got for a good deal on Amazon.Very happy with the fast delivery by Amazon. ... Read more