There are diverse barriers to advancement of strong cybersecurity, and many of these derive from unresolved conflicts among equities relating to technical means for high assurance, allocation of risk and liability, identity and attribution, deterrence and active defense, product and process evaluation, and diffusion of technology. What are the prospects, from a technical and policy perspective, to address these conflicts in ways that will enable higher levels of security?

William L. Scherlis is a Professor of Computer Science and Director of the Institute for Software Research (ISR) in the School of Computer Science at Carnegie Mellon University (CMU). He founded and led the CMU PhD Program in Software Engineering for its first decade of operation. He was Acting CTO for the Software Engineering Institute for 2012 and early 2013. Dr. Scherlis completed a Ph.D. in Computer Science at Stanford University, a year at the University of Edinburgh (Scotland) as a John Knox Fellow, and an A.B. at Harvard University in Applied Mathematics. His research relates to software assurance, cybersecurity, software analysis, and assured safe concurrency. Scherlis has testified before Congress on software sustainment, on information technology and innovation, and on roles for a Federal CIO. He interrupted his career at CMU to serve at Defense Advanced Research Projects Agency (DARPA) for six years, departing in 1993 as a senior executive. Scherlis chaired the National Research Council (NRC) study committee that produced the report Critical Code: Software Producibility for Defense in 2010. He served multiple terms as a member of the DARPA Information Science and Technology Study Group (ISAT). He has been an advisor to major IT companies and a founder of CMU spin-off companies. Scherlis is a Fellow of the IEEE and a lifetime National Associate of the National Academy of Sciences. He is a emeritus member of the SERC Research Council in the area of Trusted Systems.