中央研究院 資訊科學研究所

Despite its urgency and the substantial resources that are being poured into it, the state of computer security seems to be getting worse each year.  We're seeing an ever-larger number of entities compromise an ever-greater number of sensitive systems, and a new conventional wisdom that says that attacks are virtually unstoppable and that skilled attackers will nearly always succeed.  Those who have been directly or indirectly victimized by attacks sometimes wonder why we can't just fix this problem, especially when other parts of day-to-day life are getting safer.  I'll try to explain how some classes of attacks work.

I'll take a look at some of the conceptual issues that make it harder than it appears to make information systems safe, and some of the incentive problems that prevent us from enjoying better security.

And I'll give some reasons experts are pessimistic that we can "fix" computer security quickly and cheaply.

Seth Schoen has served for fourteen years as the first-ever Staff Technologist at the Electronic Frontier Foundation; his position has inspired the creation of similar positions at other NGOs and government agencies.  Seth has sought to inform EFF's litigation, policy, and activist work with technical expertise, and has researched topics including ISPs' interference with user communications and computer memory and laser printer forensics.  He has testified before the U.S. Copyright Office, U.S. Sentencing Commission, and several courts.  He is one of the original technical contributors to the Let's Encrypt certificate authority project.

https://en.wikipedia.org/wiki/Seth_Schoen#/media/File:Seth_Schoen_Mystery_Hunt.jpg