By Prof. Eugene Spafford
January 2nd, 2008
On November 18, 2007, noted computer pioneer James P. Anderson, Jr.,
died at his home in Pennsylvania. Jim, 77, had finally retired in
Jim, born in Easton, Pennsylvania, graduated from Penn State with a
degree in Meteorology. From 1953 to 1956 he served in the U.S. Navy as a
Gunnery Officer and later as a Radio Officer. This later service sparked
his initial interest in cryptography and information security.
Jim was unaware in 1956, when he took his first job at Univac
Corporation, that his career in computers had begun. Hired by John
Mauchly to program meteorological data, Dr. Mauchly soon became a family
friend and mentor. In 1959, Jim went to Burroughs Corporation as manager
of the Advanced Systems Technology Department in the Research Division,
where he explored issues of compilation, parallel computing, and
computer security. While there, he conceived of and was one of the
patent holders of one of the first multiprocessor systems, the D-825.
After being manager of Systems Development at Auerbach Corporation from
1964 to 1966, Jim formed an independent consulting firm, James P.
Anderson Company, which he maintained until his retirement.
Jims contributions to information security involved both the abstract
and the practical. He is generally credited with the invention and
explication of the reference monitor (in 1972) and audit trail-based
intrusion detection (in 1980). He was involved in many broad studies in
information security needs and vulnerabilities. This included
participation on the 1968 Defense Science Board Task Force on Computer
Security that produced the Ware Report, defining the technical
challenges of computer security. He was then the deputy chair and editor
of a follow-on report to the U.S. Air Force in 1972. That report, widely
known as The Anderson Report, defined the research agenda in information
security for well over a decade. Jim was also deeply involved in the
development of a number of other seminal standards, policies and over
200 reports including BLACKER, the TCSEC (aka The Orange Book), TNI, and
other documents in The Rainbow Series.
Jim consulted for major corporations and government agencies, conducting
reviews of security policy and practice. He had long- standing
consulting arrangements with computer companies, defense and
intelligence agencies and telecommunication firms. He was a mentor and
advisor to many in the community who went on to prominence in the field
of cyber security. Jim is well remembered for his very practical and
straightforward analyses, especially in his insights about how
operational security lapses could negate strong computing safeguards,
and about the poor quality design and coding of most software products.
Jim eschewed public recognition of his many accomplishments, preferring
that his work speak for itself. His accomplishments have long been known
within the community, and in 1990 he was honored with the NIST/NCSC
(NSA) National Computer Systems Security Award, generally considered the
most prestigious award in the field. In his acceptance remarks Jim
observed that success in computer security design would be when its
results were used with equal ease and confidence by average people as
well as security professionals - a state we have yet to achieve.
Jim had broad interests, deep concerns, great insight and a rare
willingness to operate out of the spotlight. His sense of humor and
patience with those earnestly seeking knowledge were greatly admired, as
were his candid responses to the clueless and self-important.
With the passing of Jim Anderson the community has lost a friend, mentor
and colleague, and the field of cyber security has lost one of its
Jim is survived by his wife, Patty, his son Jay, daughter Beth and three
grandchildren. In lieu of other recognition, people may make donations
to their favorite charities in memory of Jim.
Visit InfoSec News