You should buy Threat Modeling: Designing For Security from whatever source you prefer.
如果你是一名软件开发人员、系统管理人员或者安全专业人员，《威胁建模(设 计和交付更安全的软件)》将告诉你在安全开发软件的生命周期中或者软件和系 统总体设计的过程中如何使用威胁建模方法。 (In other words, there's a Chinese edition, available at Amazon.cn.)
Threat Modeling: Designing for Security is available everywhere fine books are sold. Conference bookstores like the RSA Conference bookstore should also carry the book.
Anyone can learn to threat model, and what's more, everyone should. Threat modeling is an essential skill for those creating technology of all sorts, and until now, it's been too hard to learn. Threat Modeling: Designing for Security makes threat modeling accessible to developers, systems architects or operators, and helps security professionals make sense of the advice they've gotten over the years.
Finding security bugs after your code has shipped stinks, and so does finding them as you're getting ready to ship. You want to find them early, but until now, threat modeling has been too scary, too process heavy, too hard to connect to the rest of how you ship, or just didn't give you enough bang for the buck. That changes now.
Wiley is happy to help you with bulk orders of the book, which can kick in at a surprisingly small number of copies. Please use the "contact us" page and indicate that you're looking for a bulk discount.
Wiley will also provide copies for educators considering using the book as a textbook. Please use Wiley's textbook request form.
Every now and then someone asks where the author will make more money. We think Adam will make a little more if you buy it from Wiley, but you're not buying it so he can make money, you're buying it to help you threat model.