deal with their impact not only on productivity but also on security. Discussions of quality assurance would emphasize safety engineering more than might be expected in a traditional software engineering program.

It is expensive for vendors to maintain two versions of products—secure and regular. Thus, all else being equal, regular versions can be expected to be displaced by secure versions. But if sales are restricted, then only the regular version will be marketed, to the detriment of security.

As this report goes to press, a case is under consideration at the Department of State that could result in liberalized export of DES chips, although such an outcome is considered unlikely.

As of this writing, similar actions may also be necessary in connection with the RSA public-key encryption system, which is already available overseas (without patent protection) because its principles were first published in an academic journal (Rivest et al., 1978).

The paucity of academic effort is reflected by the fact that only 5 to 10 percent of the attendees at recent IEEE Symposiums on Security and Privacy have been from universities.

For vendors, related topics would be trusted distribution and trusted configuration control over the product life cycle.