Gene Spafford

Gene Spafford

Professor working with security, privacy and cybercrime

West Lafayette, Indiana

Gene Spafford, Ph.D., CISSP, is an internationally renowned scientist and educator who has been working in information security, policy, cybercrime, and software engineering for nearly two decades. He is a professor at Purdue University and is the director of CERIAS, the world's premier multidisciplinary academic center for information security and assurance. Professor Spafford and his students have pioneered a number of technologies and concepts well-known in security today, including the COPS and Tripwire tools, two-stage firewalls, and vulnerability databases. Spaf, as he is widely known, has achieved numerous professional honors recognizing his teaching, his research, and his professional service. These include being named a fellow of the AAAS, the ACM, and the IEEE; receiving the National Computer Systems Security Award; receiving the William Hugh Murray Medal of the NCISSE; election to the ISSA Hall of Fame; and receiving the Charles Murphy Award at Purdue. He was named a CISSP, honoris causa in 2000. In addition to over 100 technical reports and articles on his research, Spaf is also the coauthor of Web Security, Privacy, and Commerce, and was the consulting editor for Computer Crime: A Crimefighters Handbook (both from O'Reilly).

Practical UNIX and Internet Security Practical UNIX and Internet Security
by Simson Garfinkel, Gene Spafford, Alan Schwartz
Third Edition February 2003
Print: $54.95
Ebook: $43.99

Web Security, Privacy & Commerce Web Security, Privacy & Commerce
by Simson Garfinkel
Second Edition November 2001
Print: $49.99
Ebook: $39.99

Web Security and Commerce Web Security and Commerce
by Simson Garfinkel
June 1997

Practical UNIX and Internet Security Practical UNIX and Internet Security
by Simson Garfinkel, Gene Spafford
Second Edition April 1996

Practical UNIX Security Practical UNIX Security
by Simson Garfinkel, Gene Spafford
June 1991

Gene blogs at:

Patching is Not Security

May 26 2014

I have long argued that the ability to patch something is not a security “feature” — whatever caused the need to patch is a failure. The only proper path to better security is to build the item so it doesn’t need patching — so the failure doesn’t occur, or has… read more

In Memorium: Wyatt Starnes

May 13 2014

William Wyatt Starnes passed away unexpectedly on May 10th, 2014 at the age of 59. Wyatt was a serial entrepreneur, known for his work in computing — and especially cyber protection — as well as for his mentorship and public service. Wyatt graduated from Ygnacio Valley High School in Concord, CA,… read more

A Special Opportunity to Support CERIAS

April 17 2014

Purdue University is a land-grant university, founded in 1869. As a land-grant university, our focus has always been on service to the public good — providing excellent education and research results for the betterment of the world around us. While many universities take great pride at their faculty’s leverage of… read more

Thoughts on the RSA Conference, Boycotts, and Babes

April 06 2014

I’ve been delayed in posting this as I have been caught up in travel, teaching, and the other exigencies of my “day job,” including our 15th annual CERIAS Symposium. That means this posting is a little stale, but maybe it is also a little more complete. I try to attend the… read more

Telling the Future, Looking at the Past: A Few Short Items

March 02 2014

I have continued to update my earlier post about women in cybersecurity. Recent additions include links to some scholarship opportunities offered by ACSA and the (ISC)2 Foundation. Both scholarship opportunities have deadlines in the coming weeks, so look at them soon if you are interested. The 15th Annual Security Symposium is… read more