Issue No.06 - November/December (2009 vol.7)
Fred B. Schneider , Cornell University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.180
Using exams to create labels for our workforce might sound like a way to get more trustworthy systems, but it's not. If it walks like a duck, quacks like a duck, and looks like a duck, then there's good reason to believe that it's a duck. But you don't get a duck just by calling something a duck, and you don't get trustworthy systems simply by introducing a labeling scheme for system-builders. You can't label-in security. To have the desired effect, a credential must bestow obligations and responsibilities on practitioners.
certification, security, trusted computing
Fred B. Schneider, "Labeling-in Security", IEEE Security & Privacy, vol.7, no. 6, pp. 3, November/December 2009, doi:10.1109/MSP.2009.180