The “Bug-Free Software” fallacy

About 20 years ago, I worked with a fellow who proudly told me that he had once written a flawless piece of software. He kept its inch-thick line printer listing as a shrine in his cubicle. I never asked him for details, because he got angry when people questioned his judgement on computing. After all,... Continue Reading →

Multics was flawless?

Last week I participated in a very geeky panel discussion about a now-defunct standard for computer system security: the TCSEC. I showed some charts and diagrams about costs, error rates, and adoption of government-sponsored programs for evaluating computer security. During the panel, some audience members made the following claim: "After its evaluation, Multics never needed a... Continue Reading →

Security Design Principles

This is an extended, less-edited version of an article appearing in IEEE Security and Privacy in December 2012. This version specifically identifies all of the textbooks I reviewed while looking at information security design principles. Here is the citation for the published article: Smith, R.E.; , "A Contemporary Look at Saltzer and Schroeder's 1975 Design Principles," Security &... Continue Reading →

Create a website or blog at

Up ↑