"Security Engineering" now available free online

I’m delighted to announce that my book Security Engineering – A Guide to Building Dependable Distributed Systems is now available free online in its entirety. You may download any or all of the chapters from the book’s web page.

I’ve long been an advocate of open science and open publishing; all my scientific papers go online and I no longer even referee for publications that sit behind a paywall. But some people think books are different. I don’t agree.

The first edition of my book was also put online four years after publication by agreement with the publishers. That took some argument but we found that sales actually increased; for serious books, free online copies and paid-for paper copies can be complements, not substitutes. We are all grateful to authors like David MacKay for pioneering this. So when I wrote the second edition I agreed with Wiley that we’d treat it the same way, and here it is. Enjoy!

24 thoughts on “"Security Engineering" now available free online

  1. Hi Ross, thanks for this excellent work and sharing this. One little issue: chapter 21 is missing?

  2. Thanks making this available. Its really nice to have a electronic copy.

    FYI, chapter 22 has the link for chapter 21. Chapter 22 is there just not linked from main page.

  3. Very helpful to make this available electronically. Is there any way to download the text as a single PDF instead of 32 separate files?

  4. I really appreciate that the book is now freely available, albeit a little late for me, as I have bought it on Google Play just at the end of last year. I hope more authors follow that example.

  5. Thanks for making this free online. I enjoyed reading it on paper.

    I wonder if you might want to edit the PDFs slightly to make sure your name and the title of the book is included in each one, in case someone downloads it and then forgets where it came from, or downloads it and passes on a copy.

    http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c10.pdf , for instance, doesn’t have these anywhere visible on the pages, and there’s also nothing useful in the PDF property metadata for “Title” or “Author”.

  6. @Ross, Thank you for making this book available online.

    @Aron .

    It is easy to merge all pdf in one pdf so that you have the book.
    You can use tool pdftk http://goo.gl/9agWV to merge pdfs.

    To download all pdf’s at once, from Firefox you can use add-on downthem all. Select all links from “table of contents” to “index” and then right click to downthem all.

    You can even convert the JPG portrait book image to pdf and merge it too…

  7. I have bought both the first edition and the second edition. It is required reading for all the people on my team.

  8. Thanks! The first thing I did when I saw that you’d made it available for free, was go and buy a paper copy. I appreciate having both around.

  9. I’m glad you all like it!

    Yes, it is in memory of Aaron in a small way. I’d had an agreement with Wiley to put the book online four years after publication, but it was Aaron’s tragic death that spurred me to do it


  10. Thanks for taking a stand against the escalating greed of the university press publishers. I live near a large library and can almost always get access to whatever I need. Whenever I see a pay-wall charging $30 for an article, or a $250 price tag on an academic book, I always think about bright people in remote areas of the world who may have sporadic access to the internet and just want to learn without paying a months salary to get the information they are seeking. While I was thinking about it, Aaron Swartz was doing something about it. Again, many thanks for doing your part in the struggle for freedom of information.

  11. Thanks for this Ross.

    Very useful as a resource for all of us, plus makes a statement about making content available online that needs to be shouted from the rooftops much more than it has…

    People need to know that making content available does not “rob poor authors of their rice bowl”.

    Kudos to you, Aaron Schwartz, Cory Doctorow, Lawrence Lessig and other pioneers for setting the right trend and keeping human culture and information available for future generations, beyond the “commercially attractive” short lifespan of a print or DRM book.

  12. I hate to be a dissonant voice. But, had the downloadable version been available when the book came out, I would probably have downloaded it and not bought the hard copy. I slightly prefer using hard copy for books I read. I strongly prefer having a machine readable version for books I refer to.

    So, I think there is a trade-off here. I hope that the practice of making open access to books after four years catches on. But, there is a cost to authors and publishers of doing so.

  13. Hello Ross. I am very grateful for this free knowledge to the whole ICT community. Some organisation who call them selfs as ” precious metal” standard in IT security doesn’t have search a comprehensive literature on their security domains. inside selling poorly researched, bad wording standard security books to prospective students. Your book is the best security books I have read . so detailed and practical. I52^2 please learn for this and write better books for your domains.

  14. I suspect not. It’s big enough already; a revision that added another 300 pages would make it unmanageable.

    In any case much of the material doesn’t need much updating, particularly the chapters on specific applications; those chapters that would absorb the most effort, such as on access control, really need a whole new book; in that case to talk about how the world works with Android, iOS and all the IoT apps we’re starting to see. The basic account of the underlying *nix access controls is still sound though. Again, on crypto, we need a whole new book on cryptographic engineering, which would explain not only the dozen-odd attacks that have made TLS complicated, but also all the regulatory and political failures around certification. And then there’s the whole new world of cybercrime; in the 2000s we were mostly talking about what might go wrong, while now we have lots of data on what attacks actually get done. That in turn needs a new book around how attacks scale, about how law enforcement fails, and so on.

    The first two of these books are maybe best written by others.

  15. Hi Ross ,

    Your book inspired me a lot regarding security Engineering….Thank you for this wonderful book

Leave a Reply

Your email address will not be published. Required fields are marked *