A limited computer security budget has hampered even internal NIST efforts to date, although several programs are under development that would group funds from private industry or other federal agencies to address mutual security concerns (see Chapter 7 for a more complete discussion of NIST activities).

Consider, for example, the following indicators of low academic participation in the field of computer security. At the January 1989 NIST integrity workshop, of the 66 listed attendees, only 6 were from U.S. academic institutions. At the 1988 Institute of Electrical and Electronics Engineers Symposium on Security and Privacy, a more general security conference with considerable attention to DOD interests, less than 6 percent were academic attendees out of an approximate total of 316. In contrast, at a broad conference on computer systems, the 1989 Association of Computing Machinery Symposium on Operating System Principles, approximately 36 percent of the attendees were from U.S. academic institutions.

Examples include provably correct systems (ProCoS), a result of basic research oriented toward language design, compiler systems, and so on, appropriate for safety-critical systems; Software Certification On Programs in Europe (SCOPE), which will define, experiment with, and validate an economic European software certification procedure applicable to all types of software and acceptable and legally recognized throughout Europe; and Demonstration of Advanced Reliability Techniques for Safety-related computer systems (DARTS), whose aim is to facilitate the selection of reliable systems for safety-critical applications (European Commission, 1989a, pp. 27 and 55; 1989b).