Security, technology, publishing, and ethics (Part I)

Each time we employ a tool or system to change the world around us, we are using technology. Technology itself surrounds us and permeates nearly every aspect of our lives. It supports the energy generation and delivery systems that heat or cool our homes and workplaces, that help provide our food and clothing, that power our communications and transportation, and that enable you to read this journal either online or on paper. And for all that technology to mature to its current level has required major developments in science and engineering. Science is a set of organized conjectures about the world. It is not a set of absolute truths, but rather a set of theorems that we continue to refine via observation and conjecture. Science advances in a non-uniform manner. Sometimes we have huge breakthroughs as a result of tremendous insights or seren-dipitous discoveries, but usually it is the slow pace of incre-mental advancement brought about through the careful and painstaking application of scientific method to that body of knowledge. As scientists we observe, we make conjectures, we reason, we model, we measure, and we report our findings. Engineering is related to science as part of a continuum of practice. Some people claim there is a clear delineation between science and engineering, while others see them as different aspects of the same thing. Generally, engineers are devoted to a practice of building artifacts without necessarily understanding all the principles underlying their construction, while scientists are generally interested in the nature of those principles without necessarily caring about what artifacts might be enabled by them. One quote I have seen (source unknown) is " An engineer will formulate a theorem to build something; a scientist will build something to prove a theorem. " I found this quote online by Seyed Reza Saghravani that I rather like: " A scientist can discover a new star, but he cannot make one. He would have to ask an engineer to do that. " IFIP TC 11 and the larger community of security professionals practice both science and engineering. We are seeking to advance the state of the art and practice e advance the science and improve the engineering. To do that, we depend on the interchange of knowledge, adding to the shared body of experience (both good and bad), and applying time-tested methods to the evolution of technology in an attempt to provide more …