Abstract A Martian who arrived on Earth today would surely conclude that computing and communications security are in a crisis situation. The popular media as well as technical publications are full of stories of new vulnerabilities being discovered and systems being compromised. Government and business leaders call for a fundamental rethinking of how information and communication technologies (ICT) systems are designed and operated. But that Martian would surely have come to the same conclusion 10 years, and 20 years, and 30 years ago. The alarms and complaints have been practically the same all this time, only their volume and stridency have grown. Further, for the last few decades security professionals have been getting more and more frustrated. They have been complaining that they were not being listened to, and that their expertise was not being used properly. They have also been repeating constantly the mantra that once some ICT insecurity leads to a big disaster (such as bankru...
Andrew M. Odlyzko