[Book-Review] The Myths of Security: What the Computer Security Industry Doesn't Want You to Know
This book written by John Viega is meant mainly for non-security IT professionals and technical savvy people. The author highlighted his thoughts on - why AV fails, why we might get 0wned though we make safe caution against threat, why https fails, why IDS sucks, why CaptCha sucks, why responsible disclosure isn't responsible, why application security hasn't been achieved or won't be achieved for always. With the price of used book at $7.36~, it's worth to learn ideas from someone who have been in IT Security for many years and have written several security books (Building security softwares, Secure Programming Cookboook, 19 deadly sins of software,...etc).