Cipher Issue 92, September 2009, Editor's Letter

Dear Readers,

This month's issue features a Richard Austin book review of 16 essays from leading computer security gurus on the theme of "security is beautiful". The review caused me to reflect on the history of the field and to contrast early attitudes vs. current ones. Another event that caused reflection was the surprisingly widespread embedding of well-presented malware in the ads distributed to major newspapers during the past week. What's beautiful about this field?

In the early days, security research meant designing total solutions for security and privacy. Provably secure operating systems and public key cryptography seemed to be the underpinnings of a future free of security problems.

However, research was left behind in the dust of the digital information age, as the benefits of computers and networks led to an explosion of commercial software and data communication. The field was not going to stand still while waiting for perfectly secure software.

Then a Pandora's box of malware, driven by an odd combination of adventurers and criminals, ensconced itself into the digital milieu, and all the awful predictions, save the most devastating, reiterated regularly by security gurus, came to pass, and still, the computers went on computing and the users continued to rely on them, and life, digitally, went on.

I think the allure of the field is that almost any security solution has a place in the aggregate anti-malware force field that keeps us secure enough for practical purposes. The beauty is in the details of designing applications that are security-aware or security supporting, like a craftsman who can fit a wooden window frame perfectly. Perhaps we should call the today's field "security craftsmanship (research)".

Bad choice for today: "Click here for a free anti-virus scan of your hard drive",   
    Hilarie Orman
    Cipher Editor