James Anderson, one of the pioneers in the field that eventually became computer security and the author of some of the seminal papers on the subject, died in mid-November. His passing seems to have gone virtually unnoticed in the industry, and, to hear his friends tell it, that’s perhaps the way he would have liked it. I didn’t know the man, but Gene Spafford, who casts a long shadow of his own in this world, did and his summation of Anderson’s accomplishments is extraordinary.
Jim’s contributions to information security involved both the abstract and the practical. He is generally credited with the invention and explication of the reference monitor (in 1972) and audit trail-based intrusion detection (in 1980). He was involved in many broad studies in information security needs and vulnerabilities. This included participation on the 1968 Defense Science Board Task Force on Computer Security that produced the “Ware Report“, defining the technical challenges of computer security. He was then the deputy chair and editor of a follow-on report to the U.S. Air Force in 1972. That report, widely known as “The Anderson Report“, defined the research agenda in information security for well over a decade. Jim was also deeply involved in the development of a number of other seminal standards, policies and over 200 reports including BLACKER, the TCSEC (aka “The Orange Book”), TNI, and other documents in “The Rainbow Series“.
Computer security is still a relative pup in the technology industry at large, but it is quickly approaching that age when its founders and early visionaries will no longer be around to tell the old stories and pass on their accumulated wisdom. We’ll all be the poorer for that.