Title: We thought we had this stuff figured out back in the 1970s. What went wrong?

Speaker: Jerome H. Saltzer, MIT

Abstract: In the 1960s the first multiple-user computer systems began to take a serious interest in allowing users to control the extent to which they shared information. By the mid-1970s what seemed like useful models for security had been developed. Three decades later we find that there are massive shortcomings in computer security. What went wrong? It is apparent that one of the most important security design principles, the one called "complete mediation", was simply neglected. The question is: why? This talk offers two examples (PCs on the Internet and UNIX buffer overflows) that suggest that the underlying problem is technology that improves so rapidly that security vulnerabilities get introduced faster than anyone can fix them.