skip to main content
Department of Computer Science University of Colorado Boulder
cu: home | engineering | mycuinfo | about | cu a-z | search cu | contact cu cs: about | calendar | directory | catalog | schedules | mobile | contact cs
home · events · colloquia · 2002-2003 · 
 

Colloquium - Spafford

 
1/27/2003
10:00am-12:00pm
UMC 247

Myths, Fads, and False Economies: How NOT to Get Secure Systems
Purdue University and CERIAS

It is clear from reading any newspaper or magazine that there is a real problem with the security of information systems. Viruses, break-ins, spam, identity theft, and concerns with cyberterrorism are all on the rise. Yet, with over 50 years of experience with building security tools and systems, why aren't things better than they are? The answer is that the field has been plagued by a number of mistaken beliefs, some bordering on the realm of superstition. If you believe that using strong cryptography provides good security, that open source is more secure than proprietary code, that the next release will be more secure than the current code, that full disclosure prevents break-ins, or that better firewalls are the answer, then you have fallen victim to the myths. In this talk, I will discuss some of the pervasive (and incorrect) beliefs that make building and operating secure systems such a difficult task.

Eugene (Spaf) Spafford photo

Eugene H. Spafford is a professor of Computer Sciences at Purdue University, a professor of Philosophy (courtesy appointment), and is Director of the Center for Education Research Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Spaf has written extensively about information security, software engineering, and professional ethics. He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of most major infosec-related journals. Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the IEEE, and is a charter recipient of the Computer Society's Golden Core award. In 2000, he was named as a CISSP, honoris causa. He was the year 2000 recipient of the NIST/NCSC National Computer Systems Security Award, generally regarded as the field's most significant honor in information security research. In 2001, he was named as one of the recipients of the "Charles B. Murphy" awards and named as a Fellow of the Purdue Teaching Academy, the University's two highest awards for outstanding undergraduate teaching. In 2001, he was elected to the ISSA Hall of Fame, and he was awarded the William Hugh Murray medal of the NCISSE for his contributions to research and education in infosec. Among his many activities, Spaf is co-chair of the ACM's U.S. Public Policy Committee and of its Advisory Committee on Computer Security and Privacy, is a member of the Board of Directors of the Computing Research Association, and is a member of the US Air Force Scientific Advisory Board. In his spare time, Spaf wonders why he has no spare time.


The Department holds colloquia throughout the Fall and Spring semesters. These colloquia, open to the public, are typically held on Thursday afternoons, but sometimes occur at other times as well. If you would like to receive email notification of upcoming colloquia, subscribe to our Colloquia Mailing List. If you would like to schedule a colloquium, see Colloquium Scheduling.

Sign language interpreters are available upon request. Please contact Stephanie Morris at least five days prior to the colloquium.

 
See also:
Department of Computer Science
College of Engineering and Applied Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
Questions/Comments?
Send email to

Engineering Center Office Tower
ECOT 717
+1-303-492-7514
FAX +1-303-492-2844
XHTML 1.0/CSS2 ©2012 Regents of the University of Colorado
Privacy · Legal · Trademarks
May 5, 2012 (13:29)
 
.