In May 2000, Computer Science Professor Greg Morrisett and I wrote a report for the Infosec Research Council Science and Technology Study Group (ISTSG) focused on malicious code. The purpose of the Malicious Code ISTSG was to develop a national research agenda to address the accelerating threat posed in malicious code. The final report was published in IEEE Software .
In the course of our work, we identified what has come to be known as the Trinity of Trouble—three factors responsible for the growth of malicious code. The Trinity of Trouble has since been expanded and discussed in Exploiting Software  and in Software Security , but it bears repeating here.
The three trends in ...