OF THE MAKING OF BOOKS / 101 true view of what a global product is, an awareness that in the media business there are not many, and a skeptical view of how easily synergies can be achieved. At the same time it has an expansive view of global ownership. Since American books travel more easily than those of any other country, the company was determined to anchor its global expansion strategy to a major publishing acquisition in the United States. In 1977 Bertelsmann bought Bantam, a leading mass-paperback publisher based in New York. Alberto Vitale, an Italian Jew who had spent his early years in Egypt, was brought in as head of the company. A graduate of the Wharton School and years of service at Olivetti and IFI, the Italian company that owns Fiat, he was a cosmopolitan businessman with no experience in trade publishing. However, he conceived what he proudly claims to be the book deal of the century, the ghost-written autobiography of Lee Iacocca, which he insists will outsell Gone With the Wind by the end of the century. As the chain discounts cut into mass-paperback sales, Bantam became a profitable hardcover publisher while maintaining its share of the mass-paperback market. In 1986 Bertelsmann decided to buy Doubleday, an old and famous American publishing house for which it paid more than $475 million. The purchase included not only Doubleday and Dell publishing operations, but the Literary Guild, which is the second-largest book club in the United States, seven smaller clubs, 50 percent of a British book club, four printing plants, and a chain of bookstores. Not only did Bertelsmann share the general interest among European media companies in the newly concentrated book-publishing business in the United States, but it had particular reasons of its own to acquire Doubleday.
Book clubs were the foundation of Bertelsmann's global business, and although Doubleday had a well-deserved reputation in the 1980s for being mismanaged and showed signs of floundering, Mark Woessner was confident that Bertelsmann could turn the operation around. Owning the book clubs was important for defensive reasons as well. There was always the risk that the American book clubs might embark on a campaign to seize part of the highly profitable European market. The once-distinguished company had been run by the Doubledays for three generations. It was famous for publishing commercial blockbusters by such authors as Edna Ferber, Daphne Du Maurier, Herman Wouk, Leon Uris, and Victoria Holt. Unlike virtually every other publisher, it had its own printing plants. It had a roster of gifted
40 Chapter 2 A Risk Management Framework interested in specific best practices for software security, you should skip ahead to Part II. If you do skip ahead, make sure you cycle back around later in order to understand how the framework described here supports all of the best practices. Putting Risk Management into Practice The software security touchpoints exist to drive out technical risk. Critical to proper application of the touchpoints is the notion of keeping track of security risks as they are uncovered and making sure they are properly dealt with. The RMF is about identifying, tracking, and mitigating software risk over time. Central to the notion of risk management is the idea of describing impact. Recall from Chapter 1 that risk is defined as probability x impact. Without a clear and compelling tie to either business or consequences, technical risks, software defects, and the like are not often compelling enough on their own to spur action. Though the risks I focus on in this book are all tied directly to software and all have clear security ramifications, unless they are described in terms that business people and decision makers understand, they will not likely be addressed. There is nothing more frustrating to a technical person than identifying a serious problem that never gets fixed. We can avoid that frustration by properly describing impact. Put more succinctly, a major hurdle to the proper handling of technical risk has been the inability to tie risk clearly to business impact. This leads to the techno-gibberish problem. Software is a fairly geeky domain. It's about arcane technology that business people don't understand. The question needs to be: How do you get business people to care whether their software works or not? The answer has to be that software risk must be understood, and related in terms of business impact.
As a technical person, you need to say something like, "If the flimflobble in sector four has a floosblozzle failure, that means we will miss the first quarter number by $2 million" (as opposed to just saying the first part). Business people can relate to the last part of the statement. The RMF described here is a condensed version of the Cigital RMF, which has been applied in the field for almost ten years. An RMF is designed to manage software-induced business risks. For purposes of [illegible], the RMF is described here in the context of a particular project; however, many
most, though I am sure to be flamed to a crisp by some professor or other. The annotated bibliography in Chapter 13 will be useful to new scientists. I would hope that each of the touchpoints provides enough in the way of open questions to spark many a research program. What This Book Is About This book presents a coherent and detailed approach for putting software security into practice. Through the unification of proactive design and careful exploit-driven testing built on a foundation of risk management, Software Security explains in detail how to properly address software-induced security risk. The book is divided into three parts. Part I, Software Security Fundamentals, is an updated introduction to the field of software security. Readers of Building Secure Software and Exploiting Software will find themselves in familiar territory here, though the treatment of the problem has been updated with new numbers. Chapter 1, Defining a Discipline, begins with an in-depth description of the computer security problem and explains why broken software lies at its heart. This may be old news to some, but the trinity of trouble—connectivity, extensibility, and complexity—deeply impacts software as much as ever. Software is everywhere and is the lifeblood of business and society. Software security is relevant to the kind of software found in your phone, your car, and your washing machine (not to mention your computer and the Web-based applications it makes available to you). For this reason, a critical distinction is drawn between application security and software security. This book is about making all software behave, and how to do this in light of modern security demands. The most important material in Chapter 1 is the introduction of the three pillars of software security: applied risk management, software security best practices (touchpoints), and knowledge. Each of the three pillars is a necessity for software security.
Business leadership will benefit from Part I of the book, though it may make you sleep a little less soundly. Risk management comes naturally to business executives, and putting a risk management framework, as described in Chapter 2, in place is very valuable (and can yield useful metrics to boot). Chapter 10 should also prove valuable, especially to upper-level managers worrying about how to transform an organization so that it produces good, solid, secure software. Academics and researchers will probably appreciate Chapter 12 the
OF THE MAKING OF BOOKS / 91 rounds, selling what they promised to be next year's best-sellers to book clubs and reprint houses around the world. Bantam had bought The Quark and the Jaguar by the Nobel Prize winner Murray Gell-Mann, a book destined for even more commercial success, so its promoters claimed, than Stephen Hawking's A Brief History of Time. ("I will take the reader further, reaching for answers that people really want," the distinguished physicist promised.) This was a "big book" of the fair, along with Katharine Hepburn's memoirs, and publishers from around the world eagerly bid for the foreign rights. (Gell-Mann's manuscript was eventually rejected and has yet to appear in print.) The publishing industry has been transformed in the last thirty years as a result of a four-stage process of consolidation. First, beginning in the 1960s large corporations not previously in the print business began to acquire publishers of textbooks. These were mostly electronics-based conglomerates such as IBM, ITT, Litton, Westinghouse, Xerox, and GTE. The education market was growing rapidly as the baby-boom generation poured into the schools and government was spending more money on schools and universities. The makers of computers and related electronic hardware were convinced that the computer would be universally accepted as a primary teaching tool, and they figured that if they also controlled the textbook software, they could dominate another huge government-subsidized market. Then in the 1970s mass-communications companies began buying up publishers of "trade" books, as books of general interest are known in the industry. RCA, which owned NBC at the time, took over Random House, CBS picked up Holt, Rinehart & Winston, and Gulf & Western, which has since become a media conglomerate, started off in this direction by buying Simon & Schuster. By the beginning of the 1980s only a handful of independent trade-book publishers remained.
Most of these mergers, however, were ahead of their time. The hardware companies and TV networks had little understanding of publishing. They looked for quick profits, and mostly failed. The third stage in the takeover by large corporations of what had traditionally been a small and quirky business began when the owners of the television networks, with mounting troubles of their own, decided to unload their publishing acquisitions. A few U.S.-based print-media companies picked them up. In 1980 Newhouse, the
70 / GLOBAL DREAMS three leading publishing houses in the United States Bertelsmann is a major force in the American book industry. Within its collection of subsidiaries around the world, the company owns everything it takes to make books, magazines, newspapers, and brochures—except trees. Although the company had been in existence for well over a hundred years, Bertelsmann had to reinvent itself from scratch at the end of World War II. Its reincarnation was based on a curious mix of serendipity and misunderstanding. Reinhard Mohn, who had been captured while serving with Rommel's Afrika Korps, spent almost three years in a POW camp in Concordia, Kansas. One day book carts began to appear at the camp bringing hand-me-down books for the prisoners. Although he was an engineer by training and had shown no interest in the book business, his curiosity was aroused. At about the same time he began hearing about the successful American publishing venture Book-of-the-Month Club, and somehow got the erroneous idea that the Club had sent the carts. (In fact it seems to have been the ladies' auxiliary of a local church.) He pictured the Club rolling its book carts filled with used books all across America, and it occurred to him that door-to-door bookselling would be a terrific business for postwar Germany. The Germany to which Mohn returned in 1946 was devastated beyond belief. The round-the-clock bombing by the U.S. and British air forces had destroyed almost 40 percent of all German factories including Bertelsmann's. The Nazis had distrusted the Bertelsmann family from the first because a year after Hitler came to power Mohn's father had published the "Tecklenburg Confession," a Protestant document that denounced the Nazi doctrine of state supremacy.
Although young Reinhard Mohn served briefly in the Nazi [illegible] and then joined the air force, and the religious publishing house printed manuals for the troops all during the war, the Mohns did not demonstrate the zeal for der [illegible] the Nazis demanded. In 1944 the regime closed the company down on the flimsy ground that it had illegally imported paper from Finland. A few months later the RAF reduced the Bertelsmann printing plant to rubble. "If the war is lost," Hitler had told Albert Speer just before the end, "the nation will also perish." Hitler ordered everything destroyed—"all industrial plants, all important electrical facilities, water works, gas works, all stocks of food and clothing"—but although the orders were not obeyed, Hitler prolonged the resistance until his
"When it comes to software security, the devil is in the details. This book tackles the details." —Bruce Schneier CTO and founder, Counterpane Author of Beyond Fear and Secrets and Lies "Most people don't think coherently about security. Let's face it, most people don't think about security at all most of the time, including software developers. So when something bad happens to them because a virus wipes out their disk drive they react, and like most first reactions, putting in firewalls and antivirus products is not the most appropriate solution. "In this book, Gary McGraw thinks coherently about software security, and shows that robust and secure software needs forethought and planning. This should not be a surprise, but it often is. More importantly, though, Gary describes how to go about this. Now we just need to make lots of software developers read it." —Greg Rose Vice President of Product Security Qualcomm "With his latest book, McGraw continues to offer an insider's view of the changing demands on companies that develop software. Software quality and security, and the perception thereof, are driven by the need to research and understand the business and define the technology solutions to support those needs. Beyond the traditional emphasis on improving software quality by focusing on the development methodology and process, McGraw takes a more holistic view by concentrating on how the software components come together around the operation of systems and services. If you have any dependency on software, you should read this book." —Ron Moritz Senior Vice President and Chief Security Strategist Computer Associates "According to Moore's Law, the number of transistors that can be packed into each square millimeter of a chip doubles every eighteen months. As a result, microprocessors get faster. RAM chips get bigger. These exponential improvements in hardware are fueling corresponding increases in software complexity.
OF THE MAKING OF BOOKS / 103 owners in Germany clashed. The Doubleday executives were interested in reviving a distinguished publishing house, not in Bertelsmann's bottom line. Bertelsmann executives were bent on convincing their board that they had not made a mistake. That meant trying to increase profits fast, a goal hard to achieve in any year in the industry but especially hard at the onset of a recession. Vitale says that there was no editorial interference from Germany while he was president, but there was pressure to cut costs, and as the years went by the pressure from Bertelsmann increased. Bertelsmann kept replacing top executives of its publishing acquisitions. A 29-year-old American who had been at Book-of-the-Month Club was brought in to run the floundering book clubs, but he complained that he had to share authority with a German executive and quit after nine months. One executive said the arrangement was like teaming a rock-and-roll star with a Tibetan monk. Top executives and editors at Doubleday and Bantam were replaced, in some cases twice in a four-year period. German executives were brought in to rescue the floundering book clubs, and Bernard von Minckwitz, the head of Bertelsmann's worldwide book-publishing activities, began spending a month a year in New York. As the German executives played a more active role in overseeing their American media properties, language problems surfaced. (Stephen Rubin, the head of Doubleday, recalls telling von Minckwitz that "my hands were really tied," and he looked down at my hands.) But six years after the purchase, Bertelsmann's American book-publishing ventures were doing better. German book-club experts began to understand the American market, and developed new clubs for the women's market and for children. The Literary Guild had begun to be profitable.
In July 1992 Doubleday, Dell, and Bantam had eleven books on the New York Times best-seller lists, three of them by John Grisham, a new star writer of crime novels. In the recession year 1992 Bertelsmann did $2.5 billion worth of business in the United States and Canada. Worldwide, Bertelsmann sales were up more than 10 percent, and virtually alone among the global media giants, Bertelsmann reduced its debt to almost zero. The world's largest publishing company announced that it had bought a brand-new large office building on Broadway near Times Square in a bankruptcy sale after being offered a $10-million "tax incentive package" by New York city and state authorities. The building has been renamed the Bertelsmann Building, a clear statement that Bertelsmann is in the United States to stay.
92 / GLOBAL DREAMS fourth-largest newspaper and magazine chain in the United States, a privately held family corporation, took over Random House from RCA. Shortly thereafter the fourth stage began. Non-U.S. media and publishing corporations with large international holdings moved in and took over leading U.S. publishing houses. Rupert Murdoch—originally an Australian citizen until he swore allegiance to the United States, thereby becoming eligible to buy a major TV property in Boston—added Harper & Row to his empire. Hachette bought Grolier, the publisher of Encyclopedia Americana; Pearson, a British publishing giant, bought Viking, Penguin, and New American Library; Robert Maxwell bought Macmillan and Scribner's; Bertelsmann acquired Bantam Doubleday Dell; and Matsushita bought the Putnam Berkeley Group as part of its acquisition of MCA. The dollar was cheap, and global conglomerates found the prospect of picking up famous old American houses at bargain prices irresistible. It was a time of unprecedented book sales and extravagant talk. As the 1980s began, the business press and financial analysts burbled about the synergies that would result from combining books, book clubs, magazines, music, video, and films all under a single corporate roof. "The good companies must be integrated," Lee Isgur, Paine Webber's media analyst, declared. The pronouncement typified the fashionable wisdom of the Reagan era. The "information revolution" had arrived, and communication, so Wall Street promoters promised, was becoming the principal human activity. Any enterprise without a powerful communications capability would not make it in postindustrial society. Billions of dollars were raised for the merger of Warner Communications and Time, Inc., which also owns Book-of-the-Month Club and Little, Brown, much of it by luring investors with the magic of synergy. But putting books, movies, magazines, and clubs under one corporate roof has produced few miracles.
By and large, books have to make it on their own. An order from conglomerate headquarters to its film company to make a movie of one of its literary properties that would not otherwise be selected is obviously not good business. It is not a good way to keep talented people who are employed for their intuition about what will and will not sell. In the book business, synergies have been most successful in the market. Trademarked characters can serve equally well in books, films, T-shirts, and theme parks. Of the ten best-selling children's paper-
2 Human Resources Kit For Dummies, 3rd Edition Some companies are lucky enough to have their own HR professional or even an entire HR department. Most of these HR specialists have developed their skills through years of education and on-the-job experience. In writing this book, my aim is not to pretend that I can magically turn you into a seasoned HR professional by the time you read the last page. I do believe, though, that I can give you a fair representation of the issues HR people deal with, how the best of them approach these challenges, and enough background to help you better oversee or handle the HR function for your organization — both today and as you continue to grow. As you can see from the table of contents, human resources is a very broad and varied discipline. One book can't possibly tell you everything you need to know about this continually evolving subject area. So, don't worry — I won't overwhelm you with information. On the contrary, everything you read in this book and every tool available on the included CD directly relates to the operational issues most companies deal with daily. What can you expect to gain from this book? For starters, you'll be better able to
- Evaluate your company's current HR policies and practices to ensure that they've kept pace with changes in the HR landscape.
- Understand the HR-related issues (changing demographics, for example) that are affecting the workplace of the future — and make the necessary long-term plans for success.
- Develop and implement an HR program that responds to the needs and resources of your firm.
- Understand the key regulatory issues that apply to many business owners and managers and, thus, put yourself in a better position to guard against costly legal disputes.
- Develop a strategic staffing mindset, ensuring that hiring and staffing practices and decisions are linked to long-term and short-term business objectives.
- Examine what today's most successful and progressive companies are doing with respect to such basic HR areas as recruiting, benefits, training, performance management, and staff retention.
- Gain insight into practices (flextime and telecommuting, for example) that have become basic components of today's "employee-friendly" workplace, determine which ones are right for your company, and administer them successfully and cost-effectively.
This book provides general guidelines on how to set up and implement successful HR practices, as well as actual tools — forms, templates, web links, and so on — that you can use right away. Human Resources Kit For Dummies, in other words, is not simply a book to read; it's a book to use.