One of the things that makes security research different from other research is the presence of attackers, potentially or in actuality. The early research I was exposed to barely touched on the attacker. The Trusted Computer System Evaluation Criteria from the 1980s had hardly a whisper of functionality specifically for countering attacks, beyond auditing security relevant events. When we were researching and composing secure systems, most of us thought that antivirus, when it emerged, was a fool’s game. Who could possibly catch all the different ways an attacker might go about breaching a system? The first question put to a presentation on intrusion detection system (IDS) research was predictably “How did you know that the system was free of attacks when you baselined it?”

中文翻译：

---

对攻击者来说无法使用的安全性[来自编辑]

安全研究与其他研究的不同之处之一是攻击者的存在，无论是潜在的还是现实的。我接触到的早期研究几乎没有触及攻击者。20 世纪 80 年代的可信计算机系统评估标准除了审核安全相关事件外，几乎没有专门用于反击攻击的功能。当我们研究和构建安全系统时，我们大多数人都认为防病毒软件一出现就是一个傻瓜游戏。谁能捕捉到攻击者破坏系统的所有不同方式？不出所料，关于入侵检测系统（IDS）研究的演讲中提出的第一个问题是“当你设定基线时，你怎么知道系统没有受到攻击？”