Passing of a Pioneer

Going across my email the last few days have been messages regarding the death of Jim Anderson, one of the pioneers of the Computer Security field, back in November. Gene Spafford has written an excellent obituary in cerias_weblogs; I’ll quote a bit below:

On November 18, 2007, noted computer pioneer James P. Anderson, Jr., died at his home in Pennsylvania. Jim, 77, had finally retired in August.


Jim’s contributions to information security involved both the abstract and the practical. He is generally credited with the invention and explication of the reference monitor (in 1972) [clarified in a comment by Peter Denning to note that Jim recognized the fundamental importance of reference monitor for computer security practice and stumped endlessly for its adoption] and audit trail-based intrusion detection (in 1980). He was involved in many broad studies in information security needs and vulnerabilities. This included participation on the 1968 Defense Science Board Task Force on Computer Security that produced the “Ware Report”, defining the technical challenges of computer security. He was then the deputy chair and editor of a follow-on report to the U.S. Air Force in 1972. That report, widely known as “The Anderson Report”, defined the research agenda in information security for well over a decade. Jim was also deeply involved in the development of a number of other seminal standards, policies and over 200 reports including BLACKER [a program I worked], the TCSEC (aka “The Orange Book”), TNI, and other documents in “The Rainbow Series”.

Jim consulted for major corporations and government agencies, conducting reviews of security policy and practice. He had long- standing consulting arrangements with computer companies, defense and intelligence agencies and telecommunication firms. He was a mentor and advisor to many in the community who went on to prominence in the field of cyber security. Jim is well remembered for his very practical and straightforward analyses, especially in his insights about how operational security lapses could negate strong computing safeguards, and about the poor quality design and coding of most software products.

Jim eschewed public recognition of his many accomplishments, preferring that his work speak for itself. His accomplishments have long been known within the community, and in 1990 he was honored with the NIST/NCSC (NSA) National Computer Systems Security Award, generally considered the most prestigious award in the field. In his acceptance remarks Jim observed that success in computer security design would be when its results were used with equal ease and confidence by average people as well as security professionals – a state we have yet to achieve.

Jim had broad interests, deep concerns, great insight and a rare willingness to operate out of the spotlight. His sense of humor and patience with those earnestly seeking knowledge were greatly admired, as were his candid responses to the clueless and self-important.