The Challenge of Secure Software by Eugene Spafford Despite decades of advances in computer science and software engineering, our computing systems seem to be less and less trustworthy. Each week seems to bring new stories of computer viruses, invasions of privacy, serious bugs in common software platforms, and network intrusions. The trend seems to be getting worse instead of better. Why is that? And is there hope for safer systems for day-to-day use in e-commerce and government? In this talk, we will examine some of the factors that have led to this distressing state of events. Included will be a discussion of some rules for designing secure software, and an examination of why the current Internet marketplace encourages those rules to be ignored. The clear solution is not one of technology -- but of consumer action. Audience feedback is encouraged. About the speaker: Eugene H. Spafford is a professor of Computer Sciences at Purdue University, a professor of Philosophy, the university's Information Systems Security Officer, and is Director of the Center for Education Research Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the IEEE, and is a charter recipient of the Computer Society's Golden Core award. Among other activities, he is chair of the ACM's U.S. Public Policy Committee, a member of the Board of Directors of the Computing Research Association , and is a member of the US Air Force Scientific Advisory Board. He was the year 2000 recipient of the NIST/NCSC National Computer Systems Security Award, generally regarded as the field's most significant honor in information security research, and was named as one of the "Five Most Influential Leaders in Information Security" by the readers and editors of Information Security in 1999. More information may be found at .