Gene Spafford

Biography

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Books

Practical UNIX and Internet Security by Simson Garfinkel , Gene Spafford , Alan Schwartz Third Edition February 2003 Print: $54.95 (5) (Read Reviews)	Web Security, Privacy & Commerce by Simson Garfinkel Second Edition November 2001 Print: $44.95 (5) (Read Reviews)
Web Security and Commerce by Simson Garfinkel June 1997 OUT OF PRINT (5) (Read Reviews)	Practical UNIX and Internet Security by Simson Garfinkel , Gene Spafford Second Edition April 1996 OUT OF PRINT (4) (Read Reviews)
Practical UNIX Security by Simson Garfinkel , Gene Spafford June 1991 OUT OF PRINT

Articles

You need to enable JavaScript to view more than 15 articles by this author. Contagion: Why Our Dependency on Microsoft Makes Us Susceptible
Publish Date: May. 22, 2000The Internet has become a convenient source to blame for a virus outbreak. But that's like blaming the air we breathe when we catch a cold. Spafford argues that our reliance on a software "monoculture," defined by Microsoft, is what makes us vulnerable, making it easy for a single type of virus to be so effective.

Blog

Gene's blog posts are hosted at:
http://www.cerias.purdue.edu/site/blog/author/spaf/

Are We All Aware Yet?

November 02 2009

So, here we are, in November already. We've finished up with National Cyber Security Awareness Month — feel safer? I was talking with someone who observed that he remembered "National Computer Security Day" (started back in the late 1990s) that then became "National Computer Security Week" for a few years.… read more

What About the Other 11 Months?

October 04 2009

October is "officially" National Cyber Security Awareness Month. Whoopee! As I write this, only about 27 more days before everyone slips back into their cyber stupor and ignores the issues for the other 11 months. Yes, that is not the proper way to look at it. The proper way is to… read more

Odds & Ends

September 18 2009

Cyber Leap Year Summit I've heard from many, many people who read my blog post about this. So far, everyone who attended and was not involved with the planning of the Summit has basically agreed with my comments. Here is an interesting post by Russ Thomas that explores the NCLY in depth… read more

Ignore this

September 06 2009

ufq3s8krmy read more

Still no sign of land

August 29 2009

I am a big fan of the Monty Python troupe. Their silly take on several topics helped point out the absurd and pompous, and still do, but sometimes were simply lunatic in their own right. One of their sketches, about a group of sailors stuck in a lifeboat came to mind… read more

More customer disservice—This time, Facebook

August 22 2009

I have a Facebook account. I use it as a means to communicate little status updates with many, many friends and acquaintances while keeping up to date (a little) on their activities. I'm usually too pressed for time to correspond with everyone as I would otherwise prefer to do, and… read more

A Quick Note about Cloud Computing

August 20 2009

I was talking to several people at the Cyber Leap Year Summit about how we have decades of research in computing that too many current researchers fail to look at because it was never put on line. We have all noticed the disturbing trend that too many papers submitted for… read more

Other cybersecurity legislation in the U.S.

July 18 2009

In response to my last post, several people have pointed out to me some other initiatives before Congress. Here are some brief comments on a few of them, based on what is available via the Thomas service. I am not going to provide a section-by-section analysis of any of these. S.921,… read more

Cybersecurity Legislation

July 14 2009

Cyber seems to be one of the buzzwords in Washington these days, with the recent botnet attacks generating a lot of extra noise. This has included at least one rather bellicose response from a US Representative who either is reading much more interesting information than the rest of us, or… read more

The ACM Banquet

June 28 2009

Tonight (June 27) was the annual ACM Awards Banquet. This event is where various awards and recognitions are made, although most are announced well in advance. Among other things, this is when the Turing Award is officially given (this year, to Professor Barbara Liskov), and when the new class of… read more

On Cyber Czars and 60-day Reports

May 30 2009

Today, and Before On July 17, 2008, (then) Senator Barack Obama held a town hall meeting on national security at Purdue University. He and his panel covered issues of nuclear, biological and cyber security. (I blogged about the event here and here.) As part of his remarks at the event, Senator… read more

Solving the Wrong Problems

May 20 2009

In lieu of a new posting here, let me direct you to the June 2009 issue of Communications of the ACM, pages 22-24. That is an essay I wrote that echoes some of the themes of things I have posted here. I would be interested in your comments. read more

Cyber security challenges and windmills

March 30 2009

[Note: the following is primarily about U.S. Government policies, but I believe several points can be generalized to other countries.] I was editing a section of my website, when I ran across a link to a paper I had forgotten that I wrote. I'm unsure how many people actually saw it… read more

This time, the Senate

March 21 2009

On March 19, I had an opportunity to testify before the Senate Committee on on Commerce, Science, and Transportation. The hearing was entitled Cybersecurity – Assessing Our Vulnerabilities and Developing An Effective Defense. I was asked to include information on research problems, educational initiatives, and issues regarding the current state of… read more

Do we need a new Internet?

February 16 2009

Short answer: " Almost certainly, no." Longer answer: The blogosphere is abuzz with comments on John Markoff's Saturday NT Times piece, Do We Need a New Internet? John got some comments from me about the topic a few weeks back. Unfortunately, I don't think a new Internet will solve the problems we… read more

O'Reilly Community

Biography

Books

Articles

Blog

Buy Direct and Save