Carnegie Mellon University
May 06, 2014

News Brief: Cybersecurity Author and Alumnus Visits Campus for Book Signing

Contact: Sherry Stokes / 412-268-5976 / stokes@cmu.edu

PITTSBURGH—Software developers are at the front line of cyber defense. When planning his third book about security, Anmol Misra (E '05) wanted to write it from the developer's perspective.

Misra and his co-author James Ransome, senior director of product security at McAfee, an Intel Company, reflected on years of lessons learned and experiences with Fortune 500 clients and devised a methodology that builds security into software development. The newly published book "Core Software Security, Security at the Source" takes an innovative approach that engages the creativity of the developer.

"Despite best intentions and efforts, software is not secure. Often we see companies trying to go back and fix problems after software is released. This costs tremendous amounts of money and effort, while also leaving people vulnerable. My co-author and I wanted to share why the one-size-fits-all approach leads to insecure software development," said Misra, who earned his master's degree in information networking at Carnegie Mellon's Information Networking Institute (INI) in 2005.

The statistics are compelling. Despite quick responses by vendors to release patches and upgrades for compromised operating systems and software, cyber attacks continue to rise. The year marked the highest number in five years with 4,794 reported security vulnerabilities or 13 per day, according to the National Vulnerability Database. Enterprises have not been successful in developing secure software consistently — a trend that is likely to continue as companies and individuals alike increasingly depend on the Internet for technologies such as cloud computing, mobile devices and networked appliances and vehicles.

The book covers embedding security as a part of existing software development methods, and how security can be a business enabler and a competitive differentiator. Throughout the book, the authors describe a modern, holistic framework for software security that includes people, process and technology. The book includes metrics, cost effectiveness, case studies, threat modeling and considerations for mobile software and privacy.

"First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats," said Dena Haritos Tsamitis, director of the INI.

Misra will visit campus Friday, May 9. The community is invited to meet the author for a book signing from 4 - 5 p.m. at the University Store in the Jared L. Cohon University Center. The book may be purchased at the signing.

The book is also available at www.amazon.com and www.crcpress.com.

###