CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

Why is IT in so much pain? Parallels of modern server security to 1700 maritime navigation.

Gene Kim

Gene Kim - Tripwire

Feb 07, 2001


At the turn of the 18th century, maritime navigation was in a dismal state. Numerous ways of determining latitude were known, but none for determining longitude. So, ships at sea could find their north/south position with relative ease. However, in order to ascertain their longitude, they resorted to throwing logs over the stern of the ship, observed how fast they receded, and then plotted their estimated progress on a map. So inaccurate was this method that whenever a ship lost sight of land, it was essentially lost. Thousands of lost lives, and incalculable amounts of cargo lost to the deep is a testament of how 18th century maritime navigation was almost as much art as skill.

Defenders of IT infrastructure often find themselves in a similar state. The dismal reality of modern server security is that whenever the underlying integrity of a mission-critical server is in question ("have we been hacked?"), more often than not, the server must be rebuilt from scratch. Why?

This talk will focus on why IT is in so much pain, and speculates on what missing technologies can make IT less miserable. Other topics presented include how IT suppliers must take on a larger burden of responsibility for creating safe software -- including OS vendors, application vendors, as well as compiler and installer vendors. And, a model of IT capabilities in the context of Maslow's Hierarchy of Needs will also be presented -- i.e., are we worrying about mortgate payments when we don't have air?

About the Speaker

Gene Kim is the chief technology officer and co-founder of Tripwire(tm), Inc. In 1992, he co-authored the Tripwire integrity assessment software technology while at Purdue University with Dr. Gene Spafford. Gene is widely published on computer security, operating systems and networking in Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.

Gene is currently fixated on understanding IT maturity models, and why security practitioners often are too often left holding the bag for costly legacy misdeeds. Visiting his alma mater is always fantastic, although he suspects he still owes the money for parking tickets.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...


The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.