sealPurdue News

January 17, 2002

Purdue expert says Microsoft shift
just first step to information security

Purdue University information security expert Eugene H. Spafford says Microsoft's shift to a focus on security is only part of what is needed to secure information from threats of terrorism and ensure privacy.

"While this is an important first step, we cannot hope to protect our information infrastructure without a sustained, broadly-directed commitment to focus on security issues from both industry and government," Spafford says.

He says Purdue experts have been working for more than a decade to inform the public about the need for information security and its importance in developing our software infrastructure. "Unfortunately, security concerns have often taken a back seat to issues of cost and speed, and these warnings have been ignored," Spafford says.

Spafford says recent events may be changing that situation. "Coverage in the national press has noted a high-profile convert: Bill Gates, the founder of Microsoft," he says. "Following a lengthy series of serious security flaws in Microsoft products, coupled with the aftermath of 9/11 and a recent National Academy of Sciences panel report suggesting that commercial firms be held liable for faulty software security, Mr. Gates issued a memo to all Microsoft employees directing that good security become the number one priority in future development."

Spafford, professor of computer sciences and director of Purdue's Center for Education and Research in Information Assurance and Security (CERIAS), testified before a congressional committee on Oct. 10 about issues needed to secure information from threats including terrorism. His Congressional testimony is available online.

CONTACT: Eugene Spafford, (765) 494-7825;