Monday, September 6, 2010

Never a better introduction.

Today I got the chance to read the Security&Privacy Call for Papers.

I know, usually people reads and quotes notes from scientists or literati and not from CFP, but this time, I believe is different. The few following sentences (extracted from Security&Privacy Call for Papers) well describe the entire security panorama focusing on what security is and what security will be.

Typically, disciplines mature by being “arts” first, “crafts” second, and “sciences” last. An art is considered to be the domain of people with innate abilities and singular talents. Only someone born with a talent can be an artist. A craft is teachable and so requires standardized terminology, proven techniques and an established curriculum. To become a science, a discipline needs quantifiable measures, reproducible experiments, and established laws that make meaningful predictions.
Despite tremendous effort in improving computer security over the past 40 years, and significant progress in our ability to address particular types of vulnerabilities, computer security is, at best, a craft. Although we have developed many good engineering solutions, there is a paucity of scientifi c understanding of the underlying principles for developing secure systems. Unlike the medieval alchemists, we lack well defined goals, quantifi able ways of measuring security properties of a system, and established and repeatable experimental methods

by Davis Evans and Salvatore J. Stolfo

No comments: