suggests they will pervasively continue
to recur in the future.
˲ A general lack of awareness and
education relating to all of these issues, requiring considerable rethinking of these issues.
Progress toward trustworthy systems
for critical security uses has been very
spotty. For example, several National
Academies of Science Computer Sci-
ence and Technology Board studies have
examined issues relating to computer
and network security4, 6, 11 and cryptog-
raphy, 5 with extensive conclusions and
recommendations that seem to have
been widely ignored, or not farsighted
We consider here certain overarch-
ing and underlying concepts that must
be better understood and more sys-
tematically confronted, sooner rather
than later. Some are more or less self-
evident, some may be debatable, and
others may be highly controversial.
˲ A preponderance of flawed hardware-software systems, which limits
the development of trustworthy applications, which also impedes accountability and forensics-worthy
rapid identification of culprits and
˲ Lack of understanding of the properties of composed systems. Components that seem secure locally, when
combined, may yield insecure systems.
˲ A lack of discipline and construc-
tive uses of computer science, physi-
cal science, technology, and engi-
neering, which hinders progress in
trustworthiness, although new appli-
cations, widgets, and snake-oil-like
hype continue apace without much
concern for sound usability.
˲ A lack of appreciation for the wis-
dom that can be gained from science,
engineering, and scientific methods,
which impedes progress, especially
where that wisdom is clearly relevant.
˲A lack of understanding of the
short-term and long-term risks by
leaders in governments and business,
which is becoming critical, as is their
willingness to believe that today’s
sloppy systems are good enough for
˲A widespread failure to understand these risks is ominous, as history
The Big Picture
A systems-oriented view of trustworthiness.