Myths, Fads, and False Economies:
How NOT to Get Secure Systems


Eugene Spafford
Purdue University

November 1, 2002
2400 Sennott Square
10:30 am

ABSTRACT

It is clear from reading any newspaper or magazine that there is a real problem with the security of information systems. Viruses, break-ins, spam, identity theft, and concerns with cyberterrorism are all on the rise. Yet, with over 50 years of experience building security tools and systems, why aren't things better than they are?

The answer is that the field has been plagued by a number of mistaken beliefs, some bordering on the realm of superstition. If you believe that using strong cryptography provides good security, that open source is more secure than proprietary code, that the next release will be more secure than the current code, that full disclosure prevents break-ins, or that better firewalls are the answer, then you have fallen victim to the myths.

In this talk, I will discuss some of the pervasive (and incorrect) beliefs that make building and operating secure systems such a difficult task.

BIO

Gene Spafford is a Professor of Computer Sciences at Purdue University, where he has been on the faculty since 1987. His current research interests are primarily in the areas of information security, computer crime investigation and information ethics. He also has a courtesy appointment as a Professor of Philosophy at Purdue.

Spaf (as he is known to his friends, colleagues, and students) is director of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security), and was the founder and director of the (superseded) COAST Laboratory.

Spaf is also involved in a number of professional societies and activities outside Purdue, including serving on the Board of Directors of the Computing Research Association and as co-chair of the ACM's US Public Policy Committee.


© 2001 The Department of Computer Science at the University of Pittsburgh