Reviews

A review in Information Security Bulletin, 2(2), March 1997.
infosec@idiscover.co.uk

This book is as exciting as an Asimov and as useful as a newspaper wrapped around a take-away of fish 'n' chips. And very timely, indeed. It came as no surprise to IT security people when the Secure Internet Programming team at CS Princeton announced the discovery of barn door sized security holes in the new ultra-secure Java programming language last year. We had again hoped against experience, of course, but no such luck.

Java Security by Gary McGraw and Ed Felten is not just a reprint of the Java security papers from the Princeton group, but a very well written and comprehensive book. No home should be without it - and certainly no web user or IT security staff member. The book is brief, to the point and written in a language which imparts a thorough understanding of the issues to those 'in the know' (who read between the lines) while at the same time providing the less initiated with sufficient knowledge to assess the possible impact of this problem on his computers, and helping to implement compatible countermeasures.

The book is also very polite. It is not patronising, and it does not yell in capital letters at those who decided to go ahead and publish Java versions without first making a formal description and verification of its security model. It could have, but the Princeton team chose co-operation with the Java designers instead. A very wise decision which will benefit us all.

The book is timely, because it is not yet too late to incorporate proper security into Java for commercial reasons. A language such as Java is badly needed, and it badly needs to be secure. The commercial interests at stake are huge, but so far the designers and implementors of Java have proven co-operative and willing to amend their security models, so the flicker at the end of the tunnel may be genuine light.

After the publication of this book there is no excuse to get badly clobbered by Java attack applets. Buy it!

Java Security - Hostile Applets, Holes and Antidotes, Gary McGraw and Edward W. Felten, 194 pages, Wiley Computer Publishing, New York 1996, ISBN 0-471-17842-X.


Copyright © 1998, Gary McGraw and Edward Felten