// Comparison

Designing Secure Software vs Zero Trust Networks: Which Should You Read?

Two cybersecurity books on Defensive, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52021

A Guide for Developers

Loren Kohnfelder

Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.

Intermediate

4/52017

Zero Trust Networks

Building Secure Systems in Untrusted Networks

Evan Gilman, Doug Barth

Evan Gilman and Doug Barth's pre-marketing-bubble treatment of zero-trust architecture — what it is when you actually implement it (trust evaluation, device identity, dynamic policy) versus what the vendor pitch turned it into.

Read this if

Senior developers and architects who already write code well and now want to design systems that don't ship CVEs. Kohnfelder is the author who literally wrote the X.509 paper; the book is a career's worth of design wisdom in 312 pages.

Architects and platform engineers tasked with implementing zero-trust without buying a product called Zero Trust. The book is the rare resource that walks through the engineering substrate — service identity, attestation, policy decision points — instead of the marketing.

Skip this if

Beginners or readers wanting hands-on tooling. The book is design-level: principles, patterns, and case studies. Pair with implementation-level books for the line-of-code view.

Readers wanting current vendor-comparison or specific cloud-native zero-trust (BeyondCorp, Tailscale, Cloudflare Access, Tetragon) detail. The 2017 publication pre-dates almost all of the productized zero-trust marketplace; the principles are durable, the products are not.

Key takeaways

Secure-by-design is mostly avoided pitfalls; the book's enumeration of common-but-fatal mistakes is the cleanest mental checklist a designer can carry.
Trust boundaries are the single most useful concept in secure design; the book teaches you to see them in any architecture.
Most security debates inside engineering organizations resolve to a handful of repeated trade-offs (defense in depth vs. simplicity, blocking vs. logging, fail-open vs. fail-closed); the book names them and provides the language for the conversation.

Zero trust is a property of the architecture, not a product; the book makes this case convincingly enough that it should be the first read for anyone leading a ZT initiative.
Device and workload identity are the load-bearing layer most ZT deployments under-invest in.
Migration is the project — most organizations cannot adopt zero trust without a multi-year incremental plan, and the book's chapters on incremental rollout are the most useful in practice.

How they compare

We rate Designing Secure Software higher (5/5 against 4/5 for Zero Trust Networks). For most readers, that means Designing Secure Software is the primary pick and Zero Trust Networks is a useful follow-up.

Both books target intermediate-level readers, so the choice is about topic, not difficulty.

Designing Secure Software and Zero Trust Networks both cover Defensive, so reading them in sequence reinforces the same material from different angles.

Keep reading

Designing Secure Software

→ Alternatives to Designing Secure Software → What to read after Designing Secure Software