Grand challenges in information security: process and output

Even casual observers can see that our society's computing infrastructure has significant security problems. Technical sources such as CERT, BugTraq, and the Risks Digest - not to mention the popular media - regularly catalog critical vulnerabilities in deployed software. Unless we figure out how to build trustworthy systems in the real world, we're in trouble. Recognizing that fact, the Computing Research Association (CRA, www.cra.org), with support from the US National Science Foundation, recently drafted its Grand Research Challenges in security and assurance, intent on galvanizing the field by focusing attention and stimulating progress on these problems.