Trust is the most important quality in computer security. If you build a bridge, you can look at the bridge every morning and make sure it’s still standing. If you paint a house, you can sample the soil and analyze it at a laboratory to ensure that the paint isn’t causing toxic runoff. But in the field of computer security, most of the tools that you have for determining the strength of your defenses and for detecting break-ins reside on your computer itself. Those tools are as mutable as the rest of your computer system. And unlike physical sciences and engineering, in which we have centuries of experience developing good measurements, the field of information assurance has few reliable metrics to apply to your computers and networks.

When your computer tells you that nobody has broken through your defenses, how do you know that you can trust what it is saying?