[Colloquia] Distinguished Colloquium: Eugene Spafford - January 31, 2003

Margery Ishmael marge at cs.uchicago.edu
Thu Jan 16 16:09:59 CST 2003


-------------------------------------------------------------------------------
DEPARTMENT OF COMPUTER SCIENCE

******DISTINGUISHED COLLOQUIUM******
-------------------------------------------------------------------------------

Date: Friday, January 31st, 2003
Time: 4:30 p.m.
Place: Ryerson Hall 251

Speaker: EUGENE H. SPAFFORD, Purdue University

Title: Myths, Fads, and False Economies: How NOT to Get Secure Systems

Abstract:
It is clear from reading any newspaper or magazine that there is a real 
problem with the security of information systems. Viruses, break-ins, spam, 
identity theft, and concerns with cyberterrorism are all on the rise. Yet, 
with over 50 years of experience with building security tools and systems, 
why aren't things better than they are? The answer is that the field has 
been plagued by a number of mistaken beliefs, some bordering on the realm 
of superstition. If you believe that using strong cryptography provides 
good security, that open source is more secure than proprietary code, that 
the next release will be more secure than the current code, that full 
disclosure prevents break-ins, or that better firewalls are the answer, 
then you have fallen victim to the myths. In this talk, I will discuss some 
of the pervasive (and incorrect) beliefs that make building and operating 
secure systems such a difficult task.

Bio:
Eugene H. Spafford is a professor of Computer Sciences at Purdue 
University, a professor of Philosophy (courtesy appointment), and is 
Director of the Center for Education Research Information Assurance and 
Security. CERIAS is a campus-wide multi-disciplinary Center, with a 
broadly-focused mission to explore issues related to protecting information 
and information resources. Spaf has written extensively about information 
security, software engineering, and professional ethics. He has published 
over 100 articles and reports on his research, has written or contributed 
to over a dozen books, and he serves on the editorial boards of most major 
infosec-related journals.

Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the 
IEEE, and is a charter recipient of the Computer Society's Golden Core 
award. In 2000, he was named as a CISSP, honoris causa. He was the year 
2000 recipient of the NIST/NCSC National Computer Systems Security Award, 
generally regarded as the field's most significant honor in information 
security research. In 2001, he was named as one of the recipients of the 
"Charles B. Murphy" awards and named as a Fellow of the Purdue Teaching 
Academy, the University's two highest awards for outstanding undergraduate 
teaching. In 2001, he was elected to the ISSA Hall of Fame, and he was 
awarded the William Hugh Murray medal of the NCISSE for his contributions 
to research and education in infosec.

Among his many activities, Spaf is co-chair of the ACM's U.S. Public Policy 
Committee and of its Advisory Committee on Computer Security and Privacy, 
is a member of the Board of Directors of the Computing Research 
Association, and is a member of the US Air Force Scientific Advisory Board. 
More information may be found at <http://www.cerias.purdue.edu/homes/spaf>. 
In his spare time, Spaf wonders why he has no spare time.

*Refreshments will be served before the talk at 4:00 pm in Ryerson 255*

Host: Leo Irakliotis

People who may need assistance should call 834-8977 in advance.




