As computerization has become more ubiquitous, and as more critical societal functions have been entrusted to computers, we have become more aware of shortcomings in the security of our information infrastructure. Many (if not most) of these shortcomings can be traced to poor software development practices, lack of testing, and faulty design. Vendors claim -- in so many words -- that there is no economic reason to produce higher quality software because consumers want features before more security.
In this talk, I will examine these issues and discuss some future consequences of the lack of focus on quality. This will include discussion of how the issue may be addressed in law in the not-too-distant future. Presentation abstract to be supplied.
Eugene H. Spafford is a professor of Computer Sciences at Purdue University, the university's Information Systems Security Officer, and is Director of the Center for Education Research Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Spaf has written extensively about information security, software engineering, and professional ethics. He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of most major infosec-related journals.
Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, senior member of the IEEE, and is a charter recipient of the Computer Society's Golden Core award. Among other activities, he is chair of the ACM's U.S. Public Policy Committee, a member of the Board of Directors of the Computing Research Association , and is a member of the US Air Force Science Advisory Board. He regularly serves as a consultant on information security and computer crime to law firms, major corporations, U.S. government agencies, and state and national law enforcement agencies around the world.
Complete bio at: www.cerias.purdue.edu/homes/spaf.