Cryptographic Security Architecture: Design and Verification

Chapter 4: Verification Techniques

4.1 Introduction

In 1987, Fred Brooks produced his seminal and oft-quoted paper "No Silver Bullet: Essence and Accidents of Software Engineering" [1]. Probably the single most important point made in this article is one that doesn't directly touch on the field of computer software at all, but comes from the field of medicine. Before modern medicine existed, illness and disease were believed to be the fault of evil spirits, angry gods, demons, and all manner of other causes. If it were possible to find some magic cure that would keep the demons at bay, then a great many medical problems could be solved. Scientific research into the real reasons for illness and disease destroyed these hopes of magical cures. There is no single, universal cure since there is no single problem, and each new problem (or even variation of an existing problem) needs to be addressed via a problem-specific solution.

When the message in the article is reduced to a simple catchphrase, its full meaning often becomes lost: There really is no silver bullet, no rubber chicken that can be waved over a system to make it secure. This chapter examines some of the attempts that have been made to find (or decree) a silver bullet and looks at some of the problems that accompany them. The next chapter will then look at alternative approaches towards building secure systems.

As did an earlier paper on this topic that found that "proclaiming that the gods have clay feet or that...
