In Loving Memory of Ross
This is to preserve cherished memories shared by Ross's friends, students, colleagues, and those who had not met him but learnt lessons through his book. I went through online places
to collect all public tributes, and also included private messages through internal emails and handwritten notes with consent.
I believe future generations, including myself, will learn invaluable lessons from these remembrances, gaining a deeper understanding of Ross's vast contributions and how nicely he
treated students and colleagues. If you have something to write but have not yet shared it, please reach out to me and I will help archive it.
In memoriam: Cambridge Computer Laboratory
| Churchill College, Cambridge
| Cambridge Judge Business School
| Cambridge Energy Policy Research Group
| School of Informatics, University of Edinburgh
| Communications of the ACM
| Schneier on Security
| Ruhr-Universitat Bochum
| WEIS (Panel)
| SHB Panel
| IH&MMSec Workshop
| Churchill College Memorial Service (video)
| BBC Last Word
| Computer Weekly
| The Record
| The Register
| Light Blue Touchpaper
| International Association of Privacy Professionals
| Open Rights Group
| Bill Buchanan
| Duncan Campbell
| Alec Muffett
| Wendy Grossman
| Paul Ducklin
| Virus Bulletin
| GBHackers
| Hacker News
| TU Darmstadt
| Ross's Life (also here)
| Fundraising for Woodland Trust
| Cambridge Rossfest
I remember I first met Ross around 1993 or 1994. I was working as a research engineer in an industrial lab in Cambridge, I was a kind of crypto nerd all excited about PGP, and I heard of this public talk at the University entitled "Why cryptosystems fail". So I went along, one evening, and I think it was the first talk I ever attended at the University of Cambridge. This speaker, of whom I knew absolutely nothing, talked about how banking systems claim to be infallible but in fact make a number of engineering mistakes that enable a variety of frauds. He explained the frauds, not in the abstract but with reference to actual cases, and daringly asserted that the banks made the mistakes but denied the evidence and blamed the victims. Wow, that was hot stuff! I was riveted in my seat. We need people like this to tell it straight, stick it to the man and defend us poor consumers, I thought. Who is this guy? I didn't know it then, but the speaker was just a lowly PhD student, a mature PhD student of computer security pioneer Roger Needham. He had graduated from Cambridge in maths some 15-20 years before and had since worked around the world, from the Far East to South Africa, in a variety of fields, including banking. And then, having saved enough to pay for graduate studies, he had gone back for a PhD, and he had taken to research like a fish to water. This was to become his first high profile paper, officially published in late 1993 but I wasn't able to reconstruct whether he gave that talk in the Babbage lecture theatre before or after publication.
In the meantime, a few years after attending that lecture, I too came to the decision of returning to University to earn a PhD as a mature student. As I looked for a supervisor there and considered various options I found him, by then a newly minted lecturer in the Computer Laboratory, what we would now call an Assistant Professor. He had half a dozen PhD students and had not yet graduated a single one. I had a couple more options on the table but it is largely on the strength of that first impression from his lecture as a mature student that I told myself: if I'm going to do a PhD at Cambridge, I can't miss the chance of working with this guy. This was the summer of 1997; by then he'd been a lecturer for a couple of years, and he did not seem too keen on taking on one more student on top of the ones he already had. I remember an early email exchange in which I mistakenly referred to him as English, to which he promptly and vehemently responded: "I am not a fucking Englishman!". I cheekily wrote back "I'd rather be a fucking Englishman than a non-fucking one". Shortly afterwards I received an acceptance letter as his student.
I started attending the security group meetings, ahead of my official start which would have been the following January, and got to know his other students: Harry, Fabien, Jong-Hyeon and Abida, joined in October by Markus who was at the time completing his Master's course in the US but had already coauthored with Ross in 1996: that paper, "Tamper Resistance: a cautionary note", soon became a classic. Maybe Uli was already there too, or he joined around that time. I started getting invited to the lavish dinner parties that Ross and Shireen frequently hosted for the security group, in their faraway home in the middle of nowhere ("that's the only place I could afford a big house and nice garden even on my lecturer's salary"). There were many more people at these parties than just Ross's students: it seemed he knew everyone and was quite inclusive in his invitations. One of these parties I remember celebrated Shireen's 40th birthday. The food was always delicious but the company was better. When the bulk of the guests had left, a pack of attention-hungry Yorkshire Terriers was unleashed on the remaining attendees who were lounging on the sofas.
Always gregarious, in the old Computer Lab on Corn Exchange Street he was a regular at the afternoon tea hour where he'd make a point of chatting with everyone. It is on those ugly faux-leather green armchairs that I remember discussing exciting ideas with him while they were still being shaped, from the Guy Fawkes protocol (a precursor to the blockchain) to How to cheat at the lottery to the bootstrapping process for the Resurrecting Duckling that later became my first highly cited paper with him. At conferences, too, he connected with everyone. More to the point, he pulled everyone together. On many occasions he served as the catalyst that created a new community that then went on for years, sometimes decades, well beyond his initial involvement as a founder. From the UK-crypto mailing list to the Foundation for Information Policy research, the Information Hiding workshop, the Fast Software Encryption workshop, the Workshop on Economics and Information Security, the one on Security and Human Behaviour and I'm missing out plenty more.
I remember he religiously took notes at every one of our security seminars, whoever the speaker was, building an encyclopedia of knowledge that he then distilled into his book, Security Engineering, which he wrote during the last year of my PhD. I was excited to read his drafts and to send him comments while I was working on my own dissertation and he was doing the same to me. I was over the moon when his prestigious publisher, Wiley, accepted my own book as well, thanks in part also to his influential recommendation. Now his encyclopedic 1200 page book, which he kept updating till his third edition in 2020, is a must read for anyone doing anything in security, and it's amazing that a single person could have so many insightful things to say on so many facets of our field. I'm rambling a bit by now, sorry, it's very sad to see him go at only 67, but I hope I am conveying a little bit of why I chose him, why I was excited at the prospect of working with him, and of why I feel that choosing him as my PhD supervisor was one of the best and most significant decisions in my career. And I had no idea at the time that, after completing my own PhD, I would be appointed to a Cambridge lectureship myself and become his colleague.
Thanks Ross, rest in peace and thank you for everything.
-- Frank Stajano (see more)
Ross broke down barriers. He treated everyone as equals, from the undergraduate intern to the visiting professor. He loved to bring people together from all walks of life. He saw the opportunity to learn from everyone he met. He loved nothing more than a robust argument; the opportunity to debate an issue at length.
There is a huge Ross Anderson-shaped hole in my life. He was a brilliant mentor, colleague, and friend to me and many others. His impact has been considerable in so many ways. He will be greatly missed.
-- Alice Hutchings
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.
I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both - I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn't stay the whole time) - that was in 1996.
I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993 - probably at Eurocrypt in Lofthus, Norway - I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb's Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that's how we did it back then.
I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers - there are many - and odds are that you will find a least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody's business. His masterwork book, Security Engineering - now in its third edition - is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you're in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn't suffer fools in either government or the corporate world.
He's listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we'd see each other a couple of times a year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti's rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy in December, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year's SHB workshop. I learned something from him every single time we talked. And I am not the only one.
My heart goes out to his wife Shireen and his family. We lost him much too soon.
-- Bruce Schneier
Ross made a profound impact on me. He was an outstanding mentor who set a positive example of how to be an effective academic and a genuinely good person.
His mentorship style was very effective. He provided plenty of guidance, advice, and feedback. But he also kept a healthy enough distance that helped me grow into an independent scholar. I'll never forget our first meeting in his office. He explained to me that at the end of the first year, I'll have a viva. Until then, he told me I was free "to work on whatever the hell I want", and that we'd figure out if it worked at the viva. Of course, I saw him plenty that first year, and he was always generous with his time when I had questions or needed feedback. But we never had regularly scheduled meetings. Instead, Ross would randomly pop into my office (which was next door to his) any time he had something that he thought might be of interest to me or if he had an idea he wanted to talk through. Those meetings would invariably lead to discussions of what I was working on, and in that way shaped my path.
Ross always sought out opportunities to elevate his PhD students (and really, any junior scholars). I benefited directly. Anytime he was asked to speak, if he had a conflict, he would recommend one of his students instead. That's how I got to travel all over Europe, from Austria to Cyprus, giving keynotes on security economics as a PhD student. It's also how I co-authored a paper with him in Science and a report for the European Commission. And the best part was, I was never just his stand-in. He expected real contributions, treating me as a fellow scholar even before I felt like one. Only later did I realize that by sharing these opportunities he helped make it true.
Ross imparted on me the importance of working on real problems that people care about. He valued collaboration and sought it out at every opportunity. And he was never satisfied with the status quo. He was unafraid to argue for change when warranted. I have done my best to internalize these lessons in my own career, inspired by his example.
On a more personal level, I always enjoyed the times he invited the Security Group to his home in Wrestlingworth. Shireen cooked a delicious meal, and the conversations would go on for hours. During one such visit, Ross broke out his bagpipes. Needless to say, the sound was impressively loud, particularly in a small dining room!
Finally, I really appreciated getting to know Shireen better during Financial Crypto conferences. Shireen, Jillian and "the moms" (my mother and mother-in-law) would hang out at the beach while Ross and I attended sessions. Then at meals and in the evenings and social events we would all come together and enjoy each other's company. I will always cherish those memories
-- Tyler Moore
I first met Ross in another century when I was working in industry and trying to persuade Governments they were doing dumb things to control the Internet, to control encryption and to listen in to everything we said in private. I was always impressed by how he would turn up, apparently unprepared, listen for a while, scribble down a few notes and then stand up and make a short intervention that made more sense than the previous speakers all put together.
Later, I was there to help him, Caspar, Ian and others kick-start FIPR, and there again at a Christmas drinks do in London when a casual conversation changed my life -- he'd sounded a bit bored with teaching and I was getting bored working for an ISP. I said we should swap jobs for six months and he said perhaps not, but I could come to Cambridge and do a PhD if I wanted. He then navigated the system for me, because we were taking little notice of rules of when and how you should apply and in the following September I started to become an academic. Twenty-four years later and with much help from him and I am beginning to get the hang of it.
He was much in demand, and rightly so, to speak on panels. If he could not go he'd recommend one of his PhD students or RAs to go instead; when they would never have been asked in their own right. That's why I got a trip to Financial Cryptography in Dominica. I came back and explained the attractiveness of Caribbean islands in February (and how this conference only had talks in the morning because everyone went to the beach in the afternoon) and thereafter he always managed to be able to go to FC himself.
One of the things I have learnt over the past week is how normal these types of stories are for people who knew Ross. I've read dozens of little notes and appreciations, scattered over blog comments, or in emails by many of the people I know well, and a lot that I don't, of how Ross changed the course of their lives too, by advice, by finding some improbable way to give them a job or a speaking chance, by supporting their endeavours elsewhere, or just by being there to chat with them whilst walking the dogs.
Governments (and University hierarchies) are still doing dumb things, but Ross did so much more than most to try and change that -- not least by encouraging others and by building communities that will continue the struggle to make things better.
Some people change the world through their inventions or their wise words. Ross did some of that -- but he was also that rarest of people, someone who has changed the world by empowering others to do that changing for us all. RIP
-- Richard Clayton
I remember the first time I met Ross. He was presenting his "Why Security is Hard" manuscript -- which essentially started, or contributed to start, the entire field of research on infosec economics -- at Berkeley in 2002. I was a PhD student there. I sent him an email in the scant hope he could meet with me while at the conference where he was presenting. Incredibly, he did reply, and did find time to meet with me, and chat.
That was the first of many, wonderful interactions I was so lucky to have with him over the subsequent 20 years. And now they seem too few.
Ross fought the good fight. He was relentless in that, and seemingly fearless of the powers he was putting himself against. That was inspirational: wow, I would tell myself, here is a serious scholar who is not afraid of taking very clear positions on critical issues, and speaking truth to the power!
I recall how intimated and amazed by him I was when I approached him in Berkeley in 2002 for our first chat. Over the years (especially thanks to organizing together the Security and Human Behavior workshop), I discovered such a warm, gentle, and incredibly funny side of his personality. And yet that sense of amazement never went away. Over the years, Ross was to me a mentor, an inspiration, a model, and a friend. He will be missed.
-- Alessandro Acquisti
I first met Ross as an undergraduate -- he was lecturing computer security. His lectures were a real inspiration: I adored the connections from cryptography to application and the many ways in which devious behaviour could cause untold trouble. As a PhD student, I bought a copy of his (then new, first edition) textbook and took pleasure in sending him a few corrections. I will also not forget him as my internal PhD examiner -- a wonderful couple of hours of discussion. I remember how proud I was that someone this important had taken the time to read my dissertation in such detail.
Ross and I have continued to collaborate, in recent times as part of the Cambridge Cybercrime Centre, on a new protocol to protect whistleblowers and journalists, and co-supervising Jenny Blessing. He's been wonderful to work with: insightful, knowledgeable, and fun to chat with. He really cares about students and staff alike. We will all miss him immensely.
-- Alastair Beresford
Ross Anderson left us far too soon. I grieve for him and send my love to his family.
Ross was an intellectual giant and an absolute legend in computer and information security, and like any true giant, he was incredibly down-to-earth and friendly.
I first met Ross at the very beginning of my career, when I was a very junior faculty. Having been told of his famously low tolerance for idiocy, and being completely star stuck, I remember being very anxious the first time I was introduced to him. As it turns out, he was absolutely lovely and kind. Perhaps that's because the French and the Scots famously get along (by correctly blaming the English for everything that is wrong in this world), but I was impressed by his congeniality.
You can tell a lot about somebody's character just from the way they talk to higher-ups and people in lower positions. Ross' sharp and acerbic wit was solely reserved to people in position of power that, truly, shouldn't have been there. For those of us that were not -- junior faculty, students -- he was an indefatigable advocate, wonderful and kind mentor, and always had time for us.
I remember in late 2010 seeing a call for a very large grant from DHS. It was a very long shot, but I wanted to apply, and I thought that some of Ross' work was a good fit for some of what the funding agency was looking for. So, I invited him to team up. He accepted, and I wanted to get him to be front and center on the grant given his notoriety. He said that he wouldn't mind if we thought it'd help, but that I (and Tyler Moore, at the time another junior faculty on the grant) should be running the show, not him. Often with senior faculty, that's code for "put my name on this thing, I'll take the money, but don't ask me to do anything." In Ross' case, that meant tirelessly writing entire sections and editing the whole proposal, giving us a lot of advice, and then, stepping back from the limelight. We wrote a lot of that proposal at Financial Crypto in Saint Lucia, in between cocktails and beach time.
We got the grant. It completely changed my career. Later, I heard through the grapevine that Ross was one of my biggest supporters when asked to write evaluation letters. It was incredibly helpful to have such a legend in my corner.
So, I owe Ross a lot, and I am sad that I never will be able to repay him even a fraction of everything he did for me. But, now that I am becoming slightly more senior, I will try to honor his memory by using him as a model in my interactions with junior colleagues.
Thank you, Ross.
-- Nicolas Christin
A beautiful mind has left us. I lost an esteemed colleague, dear friend, and mentor. Ross's influence stretched far beyond his role as a Professor at the University of Cambridge; he was a world-renowned figure whose brilliance and impact resonated throughout information and computer security research, spanning generations of researchers and scholars.
His intellect was unique, his research groundbreaking, and his dedication unbreakable. Ross was able to fuse profound knowledge with an incredible moral compass. He fearlessly championed privacy and information access rights, raising his voice against the misuse of technology and governmental overreach, always advocating for justice and integrity. And his impact is enormous. Beyond his academic fame, Ross was a living repository of wisdom, his mind a vast library of historical knowledge. His influence reaches beyond our immediate community, shaping the broader technology and policy landscape.
I had the privilege of knowing Ross and calling him a friend, and I was deeply touched by his genuine kindness and willingness to lend a helping hand. He embodied the true essence of compassion and generosity, leaving a legacy that will endure eternally.
To Ross's family, I extend my deepest condolences. May you find comfort in knowing that his legacy will continue to inspire countless individuals.
Ross, though you are no longer with us, your spirit will forever reside in the hearts and minds of all touched by your brilliance and kindness. Lastly, I borrowed a snippet from the known poem "Do Not Stand at My Grave and Weep" that I thought fits you well:
"I do not stand at your grave and weep.
You are a thousand winds that blow,
You are the diamond glints on snow,
You are the sunlight on ripened grain,
You are the gentle autumn rain.
....."
-- Ahmad-Reza Sadeghi
Ross was a pragmatic visionary. He critically observed situations, identified how the situation should be, determined what would be needed to get there, and made it happen. He not only applied this strategy very successfully to his own career, but to the careers of many of us, changing our lives for the better. Incidentally, this is also how we met. I met Ross at a psychology conference (SARMAC) in Rotterdam (The Netherlands) back in 2013. He had just received a large grant on deterring deception and attended this conference to scout talent. We were both in the audience when Ross asked the speaker a question about the use of machine learning to tackle her research problem. The speaker completely blanked - it was probably the first time someone mentioned machine learning at that conference -- but I got excited. So after the talk, I introduced myself to the person who asked this question, Ross. We started chatting and did not stop. We went for dinner that evening and he invited me to come to Cambridge, meet some people in the lab. This turned out to be a job interview, which I unfortunately only realised when I was already halfway through my visit. All's well that ends well, I got the job even though I hadn't consciously applied and it changed my life for good.
Ross was truly great at getting bright young minds together who shared his vision and were eager to facilitate change. He was a serial community builder. He founded multiple entire new disciplines and academic communities, including (but not limited to) WEIS on the economics of cyber security, SHB on security and human behaviour, and Decepticon on deceptive and dishonest behaviour.. The latter, Ross and I set up together and is still an active and vibrant research community today. Ross would attend all conferences and religiously take notes for lightbluetouchpaper.org, building an unparalleled open-access security resource.
Ross taught me to not only think strategically, but also to think big. How do we get the key researchers in our scientific committee? How do we get this line of research on the front page of the New York Times? Or even, how can this work lead to a Nobel Prize? He encouraged his students to do cutting-edge and meaningful research and to share these new insights with the wider public.
Ross believed in cross-disciplinary synergy, that one plus one could be so much more than two, especially when the two are complementary. He hired grad students and postdocs with a wide variety of backgrounds, including computer scientists, criminologists, economists, lawyers, and psychologists like me. This led to vibrant Friday lab meetings where security related topics were discussed from a variety of angles, sometimes leading to unexpected insights.
Ross was idealistic. He would only record a MOOC (online course) if it would be made freely accessible to everyone. Same for the papers and books he wrote. He strongly believed that academic information should be open. Private information on the other hand, must be protected. He demonstrated the fallibility of anonymizing sensitive data such as electronic health records and that photos and documents can often be retrieved from a wiped smartphone. Ross dedicated his career to protecting people's privacy.
Ross was famous for advocating his strong opinions. I believe one of his quotes ended up on a wall at GCHQ and he famously send a reference letter comprising one single line: "You'd be a fool not to hire her". But one of the things I liked most about him, is that he always listened with an open mind. He was endlessly curious, read more and about a wider range of topics than any one person could comprehend. But if you disagreed with him and posed a solid argument, he would use this input to update and, when relevant, change his opinion. Ross always gave me the feeling that what I said, mattered.
Ross was a great mentor and friend. He was one of the most generous and welcoming people I have ever met. Ross had a strong influence on the careers and lives of many, mine included. For example, he generously invited me to his home where I not only admired his taste in art, but he also invited me to "shop" furniture in his garage. I had just moved to Cambridge and my apartment was still a bit empty. Ross lent me a beautiful closet that had belonged to a friend of theirs and even brought it to my home. Helped me move it up the stairs. He wanted to make sure Cambridge would feel like home. And the extraordinary thing is that this wasn't an exception. He cared this deeply for many people.
Importantly, Ross did not do this alone. I have seldom seen such a complementary match as Ross and Shireen. When Ross organized a conference at the lab, Shireen would be there to host it. To chat to everyone, make sure they felt seen and welcome. When Ross joined Churchill, Shireen set up new committees and organised events for the partners of fellows. When I felt torn between staying in the UK or moving back to the Netherlands, Shireen would take me to the pub to listen to my worries. And the next morning, Ross would come into my office to pose a solution. "Run an experiment at a Dutch university so you can spend some time at home". Problem solved.
In 2015, at the end of the grant, I left Cambridge to move back to the Netherlands. Ross through me a goodbye party at the computer lab, serving pink prosecco. I loved it. Since then, Ross and I have visited many conferences together and each time we did, we had such a wonderful time. In addition to hearing the ins and outs in the field, we would go for walks and visit art museums. Walking with Ross through the Smithsonian's National Air and Space Museum was remarkable. He knew everything about everything and talked about it with so much passion that I started to regret studying psychology instead of aerospace engineering. Ross would be the one I turned to when in need of some serious life advice, for example when dealing with my parents who turned ill or when having trouble finding suitable education for my daughter. Ross always inspired me to solve the problem and think big if needed. "If there's no suitable school, start one". Because problems are there to be solved.
The last contact we had was the day before Ross passed away. We were planning to meet up during his next visit to the Netherlands. I was already looking up art exhibitions, wondering which one he would like best. With Ross' passing, academia lost a great mind, society lost an advocate for human rights, and we all lost a truly great friend who will be missed dearly.
-- Sophie van der Zee
Inviting me to help found WEIS changed my career in such a fundamental way. He created this pathway and ways forward that changed my trajectory. And now I am reading that he was did that to so many people, where a single interaction with him was a life inflection point.
I suppose he told you his bagpipe social engineering story: he discovered as a student on the continent that if you were in a given range of people in Germany they would drop some coins in your case. So he would march around playing of his many bagpipes in the train station, walking just close enough to people to engage the social contract - with a bagpipe - , and have enough to student the day away. He told this story to me and my younger child, who played brass in band, at FC by the ocean.
I posted this when I heard, "Ross Anderson cared deeply about the human outcomes of security & policy. He did not focus his brilliance on amassing tech wealth but instead on the hardest challenges, using nuanced technical insights in fighting to protect the vulnerable."
He was one of kind. And now I suppose I will never understand the differences between the Scottish and British enlightenments.
-- Jean Camp
In my second year at university David Simner suggested that reading Ross’ textbook Security Engineering was good preparation, and so over the course of a few weeks that autumn I read it cover to cover. Now I am a Senior Lecturer in cybersecurity, and one of the places that began was there. I still recommend that anyone involved in security read the latest edition of that book, because of the way it so clearly and accessibly explains and systematises such a huge breadth of important topics in cybersecurity.
Later Ross was my lecturer, explaining so much, so clearly and engagingly. In those days I still found Ross a little intimidating, but as I got to know him better I discovered how warm, friendly, and caring he was. He became my great grand PhD supervisor (Alastair Beresford <- Frank Stajano <- Ross Anderson), my co-lecturer, my PI, my co-author, my co-conspirator, and my friend.
So many people owe so much to Ross. His broad understanding of cybersecurity that proactively drew in other disciplines and created fields like security economics. His commitment to civil society through the cryptowars, patient privacy, government IT, and civil liberties. His commitment to his family and friends, and his support for disadvantaged people. While much of what he did was public, some of the most important things were only visible if you got close.
He made a huge difference to the careers of many people (including my own), with many of his PhD students and postdocs going on to obtain faculty, or other senior roles where they have in turn had a huge impact. He supported a diversity of thought and brought people into the department from a range of disciplines, helping to redefine what computer science is.
He had a huge impact on the University of Cambridge (once named “most powerful person”) through a range of campaigns and several terms on the University Council. He was ever a critical friend of the Vice Chancellor and played an important role in uncovering various kinds of corruption, mismanagement and discrimination. I learnt a lot from him through that. For a while he chaired the Cycling and Walking Sub Group of the Transport Working Group of which I was secretary. I think our first formal joint work was our proposed policy on cycling and walking, which was completely ignored by the University. He fought with me for the rights of postdocs to continue to be allowed to vote in University democracy (we lost). He was always someone you wanted by your side in a fight.
Ever one to have a memorable turn of phrase, one of the things he achieved in his battles with the central administrators was to plant a little ghost of himself in their heads so that every time they thought of doing something silly (e.g. on IP) the ghost would remind them of what response that would get and so put them off. This saved him a lot of time.
Another memorable description was of the zombie government policies on cryptography, or ID cards, or NHS IT. Ross and others would keep killing these policies off, carrying them away and burying them deep under the ground. Only for the policies to claw their way back out again after the next election.
One of our many great losses is that we will no longer have Ross in our ranks as we fight these good fights. However, many of us carry the memory of Ross, and a model of what he might do. Often a helpful starting point.
One of his last battles with the central administrators was over Cambridge’s mandatory retirement age. He didn’t want to retire as he had so much left to do. While he was forced to partially retire in 2023 he had not given up on returning to full time pay (he was still doing full time work). That injustice remains for others to right.
He was not perfect, like all of us he made mistakes, and sometimes enemies, but he was our friend and we loved him. We will miss him. He leaves both a void and a great many people who he trained to fill it. Ross was a giant and he helped us stand on his shoulders. He showed us that humans could be heroes.
-- Daniel Thomas
Ross Anderson died March 28. There is no one I learned more from in security than him. On every team I have run, when people new to infosec joined we would give them a copy of his epic work, "Security Engineering." His clear thinking and writing were and are the most useful guide anyone could have to understanding this field which is so filled with abstractions, jargon, and counter-intuitive protocols. Ross' writing showed how all the pieces fit and the increasingly important effect of information security on real world things.
My favorite part, and unique among many security and engineering works, is that each section typically discusses a threat model and then a set of security protocol attempts that have been made over the years to address this with more or less effectiveness. Just his ability to chart a multi-decade attempt of chipping away at some hard problem was impressive enough. But then, he would end the section with why and how this fails. Meaning still a lot more work to do. This industry is a far poorer place without him. We have lost someone important.
When I read the first edition of "Security Engineering", I had never seen someone link together the roles and interlocking dependencies of policies, mechanisms, and assurance in such a clear way. But Ross also added a fourth consideration- incentives. At the time, I was a young tech-first engineer, and I thought, hey this guy is being too academic, he had written such a good piece on security policies, mechanisms, and assurance, but then went too far into cute, academic abstractions with incentives. Of course, after a few years in practice, I realized, if anything, he had underweighted the importance of incentives. I told him later how I came to this eventual understanding, and Ross laughed that before he had been academic he spent his 20s and 30s as a contractor in banks, what he learned there on incentives was worth "more than a shelf-foot of books on game theory."
Ross' work is so useful, because he never stops at looking at security protocols in the abstract, he always shows - this is how this adapts well (or not) to a consumer mobile phone or a badge at a nuclear facility or satellite TV. Security is never just one thing, it is how it is used in the real world. Ross recognized that he was fortunate to spend time in industry before academia and the special blend, "gives you a gut feel for what goes wrong -- not just with the mathematics, but with the metal, and with the managers too."
Last week, I went back and re-read Ross' work "Why Cryptosystems Fail" it is on ATM fraud mainly, and written in 1993. It could have been written today. System designers "have suffered from a lack of information about how their products fail in practice, as opposed to how they might fail in theory."
Ross Anderson, rest in peace.
-- Gunnar Peterson
I just want to note here just how important Ross Anderson was, not just within the UK digital community, but globally. He was the model of a politically and socially involved computer scientist -- when I first heard of him in the 90s, he was doggedly trying to point out that the then security protections against ATM (cashpoint) fraud were too weak, and that the banks were blaming customers for leaking their PIN codes when in fact, those codes were eminently crackable.
After that, he was /the/ key figure in fighting restrictions on cryptography in the UK, putting together a coalition of CS experts in founding the Foundation for Information Policy Research, and then becoming one of the key (informal) advisors to the Labour party. As a gruff, Scottish socialist, Ross was tailormade to act as a counterbalance to the United States' heavy lobbying of the Blair administration to tow the line on making usable crypto illegal outside of the United States.
That had a global effect: opposition in the UK, at the time the US's strongest ally in many policies, limited the ability for the crypto restriction regime to spread. (After many years, it's notable that the main countries passing crypto restrictions during this period were those /furthest/ away from US support, rather than closest -- France, Russia, etc.).
FIPR and its successes spawned a strong, and experienced digital rights community in the UK early on. It was Ross and Caspar Bowden (who also sadly passed away far too early) who were crucial in encouraging this group to work with others in Europe to form EDRi, which remains the core of digital rights advocacy in Brussels. If you've ever wondered why the EU occasionally comes up with good cyberlegislation, it's because of the influence of EDRi -- and that coordination came from Ross and Caspar recognising that the real decisions were being made not in the UK or the US, but in the growing work of the European Union.
But at the same time as doing this political work, Ross was also building the foundations of a serious cybersecurity approach. He applied political, economic and social aspects to computer security models: his early writing on /where/ to put the liability for computer security flaws are still influencing approaches to legal liability now. He drew deeply from the actual use of technology: my favourite memory of him is him explaining how the Irish Republican Army actually passed around secrets under the nose of the British Army to a somewhat amazed BBC journalist.
Ross' high reputation allowed Cambridge University to lure Microsoft funding for their infosec department. The results of that collaboration indirectly led to CHERI, a capability-based security system designed by some of the brightest minds in the UK and beyond, and still for many of us the great hope for truly robust digital security.
Recently, Ross was still working on the cutting edge: the other week, Cory Doctorow pointed me to a paper he co-authored recently on how ML models might collapse in the face of ingested ML-generated content. When I devoted a chunk of a lightning talk to him at EthDenver, a prominent Filecoin ecosystem participant came up to me afterwards to thank me for highlighting Ross' work, as he had been instrumental in supporting her early career. Ross was grumpy, unforgiving, a blistering writer of flaming emails, and sometimes oblivious of the effect his disapproval could have on others. But he pursued and achieved singularly useful advances in the field of information security, and in the wider, messier world of digital rights and global politics. He was mad at Cambridge for forcing him to retire at 67, and he was right -- not just from a political point of view, but from the truth that he still had so much to give. He died too soon.
-- Danny O'Brien
When I started my PhD in Germany in 2003, I did not know anything about security, but was determined to learn. So I put the first edition of Ross Anderson's Security Engineering on my night table, and systematically read through it for several weeks every night. Some years ago I realized that everything I know about security originates from this book.
I met Ross personally much later, in 2017, on the Security and Human Behavior Workshop, und he was incredibly and unexpectedly kind to me. It was a tough time in my professional life, and I felt protected when he was around. Just so. He was also, to my great surprise, interested in my research and helped with advice and connections.
I liked most his unique humour, and especially his smile. It illuminated his face and surroundings like sunshine. Thank you, Ross.
-- Zinaida Benenson
Ross was a force of nature: full of ideas and thoughts on how to implement them, combined with inexhaustible energy. Ross could be a cyclone when you disagreed with him -- full-force winds in your face at upwards of 90 miles an hour -- but also willing to listen once he realized you had a point. Ross's mastery of cryptography, security, and the underlying policy issues that impeded implementing good security showed a command, at a deep level, of multiple fields and a rare capability to work within them. His ability to weave this knowledge into narratives that were both compelling and comprehensible to the lay person was a remarkable skill; it will be sorely missed by the security community. So, too, will Ross's energy and his boundless intellectual curiosity.
-- Susan Landau
Ross transformed my life.
He saw the pressure of the job I was under, the limitless gas of excuses, the heat of the logic that was hidden from me. He taught me to turn heat into light, to articulate, to shine, and to write. Let others react to my work, instead of rolling around in the mud with jobsworths.
I want his family to know this, because I have no doubt his writing and his teaching took him away from them often.
More than anything he taught me that a real hero shouldn't have a nemesis. To really be human one must transcend petty embodiments and target the abstract and reactionary injustices of the world wherever and in whomever they are found.
He showed me that I wasn't alone, and that crucially my new allies were people all over the world of different lived experiences. They might be young or old, of a dizzying array of genders, or skin tones, and that we would change things by what we write: be it code or legal precedents. I will miss his irascible nature, his childish jokes, and his mature discussions. I have his books, and his writing, and a community brought together by him (even now).
To Shireen, I am very sorry you have lost him so suddenly, but I am grateful you lent him to the rest of us from time to time. It didn't just change my life, it changed me as a person. I know I'm not the only one, and this book will help you see what he did when he wasn't with you.
-- Eireann Leverett
One of the many times that Ross fascinated us with his comprehensive knowledge about cultures and countries, he mentioned the word 'Kateb' (scribe, professional copyist) and its history. It has been an absolute honour to have known him as my academic grandfather (PhD supervisor of my supervisor). He and Shireen always said that I am too old to be their grandchild :) My heart and thoughts are with his family and friends. Best.
-- Maryam Mehrnezhad
This is sad news. I met Ross for the first time at Cambridge in 2008. His magnum opus "Security Engineering" had been published a few months earlier. I knew some of his articles.
But what really impressed me when we met was his energy and his desire to make a difference in the world. Security was not a purely academic topic for him. It was his tool to make the world a safer place.
He stood up for the victims of cybercrime, fought against injustice and feared no opponent, whether from government or industry.
The WEIS conference series, which he co-founded, was for me the most influential series of events ever. It is the place for people who wanted to understand why security works or doesn't work in the real world.
The last time I met him was at WEIS 2023 in Geneva. He was making plans for his retirement and still had so much to do. Things that can no longer be done by him. But we should not forget that he educated and inspired a whole generation of security engineers who are now working in research, academia and industry. He was the giant.
To Ross's family, I extend my deepest condolences. We will miss Ross very much.
-- Boris Hemkemeier
Ross Anderson died unexpectedly in his sleep last Thursday, leaving a large group of us devastated. He was one of those unforgettable people - fabulously erudite, generous with his knowledge and friendship, fiercely independent, and fearless. He had a kind of flinty integrity that was wholly admirable, which meant that he was often a thorn in the side of university, governmental and academic establishments, who discovered that he was no pushover.
He was a Fellow of the Royal Society and a recipient of the British Computer Society's Ada Lovelace Medal. He was a world authority on computer security, cybercrime and cryptography. He was Professor of Security Engineering at Cambridge, and leaves behind a remarkable cohort of PhD students who were lucky enough to have him as a supervisor.
Many people found him formidable and indeed sometimes forbidding. He didn't do small talk. And yet when you were lucky enough to get to know him (as I was) he was great company. He and I used to walk round the '800' Wood near Cambridge with his two lovely dogs, deep in conversation about the sordid ingenuity of cyber-criminals, the short-sightedness of academic administrators, the intrusiveness of national security agencies, as well as about Celtic folk music of which he knew a lot. (He was a piper and shared my interest in Uileann piping.)
I learned such a lot from those conversations. Ross changed the way I looked at computing, and alerted me to the political economy of the technology which has shaped my thinking ever since. He always spoke his mind - which is why when an email from him would arrive at 8am on Sunday mornings I knew that he had read my Observer column and had something to say about it, and accordingly braced myself before reading further.
The last time I saw him was a few weeks ago, when we both snuck into a talk given by Matt Clifford (who has become Rishi Sunak's go-to man on "AI Safety"). He had been invited by a student group, and Ross and I were the only two grizzled veterans in the room. Before Clifford embarked on his boosterish talk, I got out my pen to take notes, and then noticed that Ross had opened his MacBook. So I put my pen away. He always took the most detailed and accurate notes of any event he attended, and I knew that if I needed to check something later about Clifford's performance, Ross's record would provide the evidence I needed.
Ross was furious about Cambridge University's remorseless determination to force academics to retire at 67, and he had been mounting a campaign against the policy. At 5pm on the day he died, he had an email conversation with one of his colleagues, Jon Crowcroft, about the possibility of harnessing generative AI to add spice to the campaign. Ross sent Jon a link to a song he had just prompted suno.ai to create.
As Jon observed afterwards, it could almost serve as an obituary.
Ross's death marks the passing of the last of the five computer scientists who made Cambridge such a pioneering centre of research in the field - Maurice Wilkes, Roger Needham, David Wheeler, Karen Sparck Jones and Ross.
May he rest in peace. We were lucky to have known him.
Frank Stajano, one of Ross's colleagues in the Computer Lab, has written a lovely tribute to him in the blog that Ross and his colleagues have been running since 2006.
-- John Naughton
Professor Anderson was a giant of the field. Yet he often took the time to drop me a note of appreciation when he liked something I published. It meant a lot to me, especially as a junior scholar. I corresponded with him just last week. This is a complete shock. RIP Ross
-- Arvind Narayanan
Ross has long been a source of deep personal inspiration for me. He taught innumerable lessons in research, publishing, and technical skills, but more importantly he taught through example how to set and achieve lofty goals, how to ask the important questions, and how to redefine any system -- technical or human -- to make it better. Ross was honest; he did not sugarcoat feedback, and for that his students are stronger and better prepared for the "real" world. Underneath this, though, it was always abundantly clear how much Ross cared about his students, their interests, and helping them to achieve their dreams.
Ross was one-of-a-kind. He was able to balance so many different activities with grace and seemed to know something significant about everything. Ross could talk with anyone. Ross made and published significant discoveries, and taught a non-trivial portion of the population either directly or through the knowledge in his books.
Thank you, Ross, for everything.
-- Nicholas Boucher
RIP Ross J. Anderson, who died on March 28, at 67 and leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research (see also tenth anniversary and 15th anniversary) and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security, convening on April 8 for the 23rd time.
One reason Anderson was so effective in the area of digital rights is that he had the ability to look forward and see the next challenge while it was still forming. Even more important, he had an extraordinary ability to explain complex concepts in an understandable manner. You can experience this for yourself at the YouTube channel where he posted a series of lectures on security engineering or by reading any of the massive list of papers available at his home page.
He had a passionate and deep-seated sense of injustice. In the 1980s and 1990s, when customers complained about phantom ATM withdrawals and the banks tried to claim their software was infallible, he not only conducted a detailed study but adopted fraud in payment systems as an ongoing research interest.
He was a crucial figure in the fight over encryption policy, opposing key escrow in the 1990s and "lawful access" in the 2020s, for the same reasons: the laws of mathematics say that there is no such thing as a hole only good guys can exploit. His name is on many key research papers in this area.
In the days since his death, numerous former students and activists have come forward with stories of his generosity and wit, his eternal curiosity to learn new things, and the breadth and depth of his knowledge. And also: the forthright manner that made him cantankerous.
I think I first encountered Ross at the 1990s Scrambling for Safety events organized by Privacy International. He was slow to trust journalists, shall we say, and it was ten years before I felt he'd accepted me. The turning point was a conference where we both arrived at the lunch counter at the same time. I happened to be out of cash, and he bought me a sandwich.
Privately, in those early days I sometimes referred to him as the "mad cryptographer" because interviews with him often led to what seemed like off-the-wall digressions. One such led to an improbable story about the US Embassy in Moscow being targeted with microwaves in an attempt at espionage. This, I found later, was true. Still, I felt best not to quote it in the interests of getting people to listen to what he was saying about crypto policy.
My favorite Ross memory, though, is this: one night shortly before Christmas maybe ten years ago - by this time we were friends - when I interviewed him over Skype for yet another piece. It was late in Britain, and I'm not sure he was fully sober. Before he would talk about security, knowing of my interest in folk music, he insisted on playing several tunes on the Scottish chamber pipes. He played well. Pipe music was another of his consuming interests, and he brought to it as much intensity and scholarship as he did to all his other passions.
Ross J. Anderson, b. September 15, 1956, d. March 28, 2024.
-- Wendy M. Grossman (see more)
Shireen, Ross, thank you very much for your friendship. We spent such a wonderful time in your garden outside on Windsor Street. Far from home, this place felt like an island of calm. We will cherish these memories in our hearts. Thank you for your support in difficult times, for your kindness and warmth.
Ross, thank you for the opportunity, humour, and patience. For walking around Cambridge, for talking about everything from handmade bagpipes to robo-noses. For honesty and openness to everything - from people from other cultures to creepy pike caviar. We will miss you, looking forward to our next time in the garden.
With love,-- Dasha and Ilia
I am deeply saddened by Ross's passing. To me, he was a great mentor, a caring elder, and a close friend.
Being admitted as his student was the most fortunate event for me. In the months before I arrived in the UK, from visa processing to accommodation and other life matters. Ross actively offered me help and advice. Upon my arrival, he cared about my living and study situation all the time; we together explored and decided on research plans. Although we knew each other for a shorter time compared to his other students and colleagues, Ross was the closest person to me in the UK.
I am deeply grateful for his belief in my potential and his willingness to guide me. His erudition and rich experience were key factors in my decision to pursue a PhD here. I will always remember our first dinner at the High Table in Churchill College.
His visits to Edinburgh were not frequent, but we corresponded by email almost daily, and we met during the online meetings on Mondays, Wednesdays, and Fridays. At the University of Edinburgh, Ross was one of the most respected professors, benefiting both faculty and students from the interactions with him. His guidance, wisdom, and kindness have profoundly impacted my life and the lives of many others.
Please accept my heartfelt condolences during this difficult time. I am grateful for the opportunity to have been a part of his academic journey. I will always miss him.
With deepest sympathy.
-- Lawrence Piao
Dear Shireen,
I was deeply saddened to hear of your loss. Please accept my heartfelt condolences on the passing of your loved one. Ross was not just a colleague, but a beacon of inspiration for all of us who had the privilege of knowing him. His wisdom and guidance left a mark on our lives, enriching us in ways we can never fully express.
Ross had a remarkable ability to touch the lives of those around him, offering invaluable advice and unwavering support. His impact reached far beyond the confines of our workplace, extending into the hearts and minds of everyone he encountered. His legacy of kindness, generosity, and compassion will forever be cherished by all who were fortunate enough to know him.
I feel honoured and blessed to have had the opportunity to call Ross a mentor. He will always hold a special place in my heart. His legacy will continue to inspire us all.
During this difficult time, please know that my thoughts and prayers are with you and your family.
With deepest sympathy,
-- Maria Bada
Ross had a remarkable spirit of openness and a genuine eagerness to engage with individuals from diverse backgrounds and areas of expertise. This was evident in the Friday Security Group meetings he presided over. Ross embraced debate with enthusiasm and, in so doing, fostered an environment where intellectual growth thrived. Many people in his position don't like being challenged or engaged in debate about their areas of expertise, taking it as a personal slight. Ross was not one of those people, and I enjoyed the back and forth I experienced directly and in observation with others.
Personally, I am profoundly grateful for Ross's inclusivity, both in professional settings and in more casual interactions. Despite having left the University of Cambridge Computer Lab years ago, his continued invitations to attend Security Group meetings, social gatherings, and one-on-one discussions spoke volumes about his genuine warmth and generosity.
His inclusive nature had a profound impact on me, and I regret that I am unable to fully reciprocate the kindness he showed me.
In honouring Professor Anderson's memory, I hope the individuals (myself included) and communities he's affected can strive to emulate his spirit of inclusivity and intellectual curiosity, ensuring that his legacy continues to inspire, not just for his intellectual and academic contributions, which are many and great, but his personal ones as well.
-- Jeunese Payne
It is hardly ever or might even be never I comment on here, but tonight is different.
As the passing of a Titan in my chosen field of interest. Some of you will not know him but some will, anyone in computer science or cyber certainly will.
It is sad to say my dear friend Professor Ross Anderson of Cambridge University sadly passed away, what is yesterday now as I lay in bed thinking about him and his family.
As a close personal friend of Ross and a fellow Computer person, I know he would like everything you have said about himself and his huge contribution to Computer Science. Both the positive and negative comments would make him smile, He knew and we often discussed late in to the night over a glass of red wine or two, his and others work, always interesting and always on point. He was especially pleased if something he had written or commented on made someone else react. His view was 'well there talking about it now!' My favourite moments were when he'd ask me over to stay and we'd sit late into the night discussing anything and everything. Even better still was attending a Fellows Dinner at Churchill College with him and his wife Shireen and witnessing the Master at work, he was always great company.
I miss you already old friend.
I spent the afternoon yesterday (Wednesday) with Shireen and the whole family, joining us was Robert Brady another life long friend. Shireen and their daughter Bavani obviously upset were the epitome of grace and calmness as one would expect from such a wonderful family. Ross would have been very proud of them!
My love and thoughts tonight are with his wife Shireen, his daughter Bavani and his grandchildren.
-- Mark Foster
I had just been talking to Ross Anderson a few days before I got the shocking news from a friend in Cambridge about him passing away unexpectedly. I could hardly believe it. Ross and I had been discussing a guest lecture I gave for his computer security course at the University of Edinburgh. He was his usual ebullient self, full of life, energy and passion. He spent a lot of time over email and Zoom to help me prepare and properly pitch the lecture. I am sure it would have been a lot less effort for him to just give the lecture himself, but he cared deeply about giving the students the best possible education, so for him a lecture about silicon level security from someone in industry was an important part of the students' education. He told me he was especially keen to impress upon the students the guest lecturer was a fellow Scotsman. Ross and I both come from Glasgow.
This level of passion, drive and "giving a damn" typified how Ross approached the many things he cared about in life, including playing the bagpipes. I took the photograph above on 14 March 2009 and I recall just how good the bagpipes sounded when played masterfully with great skill. Few of the songs that night were traditional Scottish tunes, most were pop songs amazingly transliterated to the bagpipes and they sounded wonderful.
I first came across the intellectual juggernaut Ross Anderson in a professional capacity, along with Saar Drimer, in Cambridge to discuss the security flaws in the chip and pin credit card system (Chip and PIN is Broken). However, we quickly bonded and became friends, due to a mutual interest in food, drink, music, technology and a similar "Glasweigan" perspective on the world.
I was surprised he would give the likes of me the time of day to talk deeply about silicon technology, security, banking, and the social aspects of security at a high bit-rate that I could hardly keep up with. I quickly realized that he was not a man of airs and graces, and treated everyone he encountered as equals. I very much admire and respect that quality. He could be fiery and intense, brutally direct and blunt, and loud and emphatic. He was that way because he cared.
As a broadly educated man he had the capability to intersect technology with economics and how people behave to understand the weak points and failings of technology. A phenomenally important role he played was holding to account the world of finance when it wrongly accused customers of giving away their PIN numbers, when they were actually stolen with "man in the middle" attacks from handheld chip and pin readers. The fact that he had worked in banking before he moved to academia no doubt greatly strengthened his hand.
The UK Post Office IT scandal reminds us how the big and powerful continue to cover up their failings by wrongly blaming innocent individuals. Big corporations entirely control the development and deployment of machine learning technology which will increasingly make inscrutable judgments about our lives, and us. Politics and government is attempting to make some inroads to try regulate AI. However, the world needs many more Ross Andersons in academic positions where they have the platform to speak truth to power, and fight for the ordinary person, to stamp out injustice, and fight for what is right and decent.
This is a picture of the last time I saw Ross in person, in January 2024 at Fin Boys restaurant in Cambridge, here shown with our mutual friend Sanjay. Anyone that knew Ross understood the depth of love and commitment he had to his family. Beyond that, he was a galus friend.
-- Satnam Singh (see more)
I may be one of the most junior people here to speak about Ross. As one of the last students advised by him, I may not have known him for as long as some of you have. Our connection began over four years ago when he, along with two other professors, interviewed me for a research assistant position at Cambridge. When I started my PhD on cybercrime with Alice in early 2022, I was fortunate to have him as my advisor, and since then, we have worked closely together.
Ross was the first person to take me for a walk around the building and outside on a sunny day when I arrived in Cambridge. We discussed various topics, and my initial impression was that he knew everything while I knew nothing. Indeed, he knows things very well. We had around six months together before COVID-19 disrupted our social contact, after which I had to return to my home country for over 1.5 years.
I was forced to return to the UK in late September 2020 to renew my visa. At that time, I was staying in a room far from the lab, and restrictions prevented me from going outside. Ross kindly came to help me collect and scan all necessary documents, not just once, but twice. When I expressed concern about the risk of infection and suggested waiting until after my self-quarantine to renew my visa, he reassured me: "Don't risk the visa, though. I can handle hazardous materials. Look, I pick up dog poo every time I take the dogs for a walk. I can't imagine that your passport is more hazardous!". I deeply appreciate his care for me, and I'm certain he cared deeply for others too.
The next time I met him in person was in late 2022 when I returned to Cambridge as restrictions were lifted. I started my PhD soon after, and since then, as we worked closer together, I could much better feel his endless energy. I admire him not only for his vast contributions to science in many ways, his enthusiasm, and his inspiration - as others have mentioned - but also for how he treated students and colleagues. For me personally, he always found opportunities to push me forward and introduced me to those he thought could help. He encouraged me to attend SHB this year and connected me with his former student in Singapore for an invited talk. He intended to connect me with some others too, but sadly never got the chance.
Ross also cared about my family as much as he cared about me. In mid-2023, my uncle was diagnosed with craniopharyngioma, and once Ross learnt about it, he tried everything he could to connect me with the best surgeons in Cambridge and India. Unfortunately, my uncle didn't get to travel, but Ross's help meant so much to me and my family. He was very generous, always spending his time and patience correcting my mistakes, not only in research but also in my English. He often told me, "Your English is broken," but the good thing was that he also explained why it was wrong and how it should be corrected. He gave me compliments when I did good work, even just small ones, and that encouraged me very much. I really felt reassured having him by my side.
The last major thing we did together was moving his bookshelf to the new office as Cambridge forced him to retire. He of course did not like that. When I saw him carrying things around, I offered my help, and he accepted. It took us a few weekends to sort everything out. He told me he had been in the old office for almost 30 years and would miss it. He hoped he could stay in the new office for another 20 years. I wished the same. He showed me a card his mom and dad gave him long ago when he was a kid, and with his great smile, I knew he cherished it very much. I always wanted to have a picture with him when I graduated, and I promised to give him a copy of my PhD thesis later this year. Sadly, I will never have that chance.
Our last interaction was just before he passed away. I looked inside his office and saw him editing his webpage to make all the chapters of his book available for free. He had always wanted to do it, but copyright restrictions had prevented him until now. He also mentioned he might write a new edition when he had time, which I was eagerly anticipating. Later, he knocked on my door - as he always did to say goodbye before heading back home when we were both working late in the lab - and told me he would be in Edinburgh for a few days and would see me after Easter. Sadly, it was the last time I saw his smile.
I know nature is cruel, and that death is a part of life's beauty, but it has been incredibly heartbreaking to lose him so early and so suddenly. He passed away close to Good Friday, and I believe he has now risen to heaven with God. His life was very well-lived, and his vast contributions will never be forgotten by many generations of students, colleagues, and friends.
And yes, he had a strong passion for folk music. Here are some (rare) videos of him playing the bagpipe, recorded by me around one year before his passing. I miss that.
-- Anh V. Vu
Devastating to hear this. Ross corresponded regularly and was tremendously encouraging. He made me feel like there was somebody else out there who understood the gravity of the work we do.
Ross has been one of the precious few who understood my thoughts about civic cybersecurity and how true national security is an ordinary daily attitude. That every grandmother and schoolchild deserves basic digital security, privacy and autonomy in their online life. That it is all our responsibilities to step up to the task that Apple, Google, Microsoft and our governments cannot handle alone unless we lead the way.
My cybersecurity courses and indeed my own security thinking have been profoundly shaped by his work. The idea of "Security Engineering" as a serious, measurable, reproducible discipline lay in his hands.
Ross was never anything but generous with his time and honest with his opinions. His open publishing stance (to have complete copies of his older texts online, which he skilfully negotiated with Wiley. is an example to all academics.
His work leading the Cambridge team in doing interesting, socially relevant security work in a world of so many dry, inaccessible papers on cryptography and protocols was a refreshing beacon of light.
We planned to meet in Edinburgh one day and share some good single malts. I feel lost at this news. Sincere wishes to all Ross's family.
-- Andy Farnell
It's only been a week but still struggling with this genuinely massive loss to all that we are doing in this field.
Ross was generous and funny. But most of all authentic. He did not suffer fools. Especially jumped-up pseudo-authorities and those who use cybersecurity as a way to try to bamboozle and dominate others. Ross had a vision of computer security for the people, which I share and will not allow to fade.
There needs to be a Ross Anderson Memorial "Truth To Power" Award. Please, make everything you do courageous in his honour.
-- Andy Farnell
I saw the sad news yesterday, via Alec Muffett that Ross Anderson had passed, which is an enormous loss the the IT security community (and the industry more widely).
I didn't know Ross very well, so the obituary from his friend and colleague Prof Bill Buchanan OBE provides a much better summary of his work and impact. What follows are just a few personal reflections.
Ross did a great deal to shape my work and my career path, and I'm thankful that I got to meet him a few times along the way. I've previously described 'Security Engineering' as "the bible of infosec", and through that work Ross was impacting the world I worked in before I ever heard his name.
I got to meet Ross for the first time at one of his Workshops on the Economics of Information Security (WEIS). That series of workshops came about from Ross's prodigious talent for picking up different lenses to look at the world of security through -- in this case the lens of economics, leading to his seminal paper 'Why Information Security is Hard -- An Economic Perspective'. My first encounter with Ross was a little prickly, as he had a huge distrust of banks, and by extension the people who worked for them; but I kept going back to WEIS, and over time our conversations became more collegiate*. My favourite memory of him was after WEIS 2010 in Cambridge MA where he invited anybody hanging around to join him for dinner, bringing together a wonderful slice of the community to talk shop over giant sushi boats. I wish I had a photo, as the happy relaxed Ross that evening was Ross at his best.
Through WEIS I got to know folk like Allan Friedman and Tyler Moore who are leading efforts to make us all more secure.
A few years back I found myself meeting a CISO for the first time and spotting a copy of Security Engineering on his bookshelf. I knew we'd get along just fine.
I'd hoped to see Ross again, and maybe chat to him about the Horizon scandal. I'd have also wanted him by my side as an expert witness if I ever got entangled in any legal trouble to do with computers. He'll be sorely missed; though it's a sign of the quality of his leadership that there are so many people that will continue his great work.
RIP Ross.
* After a conversation with Ross and Hal Varian about side channel attacks I recall thinking of an attack against pre-emptive execution in CPUs (like Meltdown or Spectre) which I dismissed at the time thinking the geniuses at Intel and Arm would have everything under control. Never assume -- verify.
-- Chris Swan
WHEN A CRYPTOGRAPHER PASSED AWAY
When a cryptographer passes away, one feels an inscrutable sense of disorientation, a loss that only the memory of him might soothe; yet, you realize that nothing in his absence can decipher that state of the soul which, we mortals, call nostalgia.
When a cryptographer dies, you reflect on our diminished capacity to solve existential riddles, puzzles that only a mathematician as an artist could have dared to desire to unravel.
Upon the death of a cryptographer, it becomes apparent that the world has lost a piece of the broader mosaic in which each one of us strives to fit, and you understand that he, perhaps, was on the verge of grasping how the mosaic and the piece are equivalent.
But, at the metaphor's end, we all now know that if the cryptographer dies, it is for three days, and then he rises again, ready to solve the secret paths that lead to enlightenment.
In memory of Ross John Anderson, who passed away on March 28, 2024.
-- Roberto Garavaglia
I'm not sure he knew it, but Professor Ross Anderson was a huge inspiration and source of knowledge when starting Volemic.
I still can't believe that he died suddenly on 28 March at his home in Cambridge.
Ross Anderson was a brilliant teacher of generations of computer scientists at Cambridge University, the author of the standard textbook on security engineering and a fierce intellect and advocate for security and privacy.
As Rory Cellan-Jones tweeted over the Easter weekend: "Ross Anderson was a mischievous, brilliant giant in the field of cybersecurity and privacy - until I met him I'd assumed he was in his 30s. Such a loss.."
In the words of another journalist and friend, Wendy M Grossman:
"Ross J. Anderson leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security..."
His loss leaves a void for his family and friends and for everyone who cares about privacy and security.
-- Angus James Allen
Ross Anderson left us
My friend and colleague Louis Labelle just told me the news: Anderson died on March 28th.
The first time I heard about him was when I started working on a financial chip card project (to this day, the best project and the best team I contributed to...). Anderson was the annoying gadfly that kept finding security holes in the security protocols. As all goads, he kept us moving forward by pointing improvement possibilities.
I remembered him while doing my PhD thesis, and his publications became my rabbit holes. People who've done advanced studies will know what I mean: you find authors that open doors to new areas, you get fascinated and get distracted from your original goal. You have to focus back to your plan, but these authors are so driven, they can't be put aside.
Anderson was one of those authors.
He will be sorely missed.
-- Yvan Beaulieu
It was very sad to hear of Ross Anderson's death. Many of us lost not only a colleague but also a friend. Ross was not someone you'd immediately connect with, but once you got to know him, you'd discover he was a man with a big heart. I will always remember you at those parties you were organizing at home inviting all the students of the Security Group at the Computer Lab. Thank you for all the things you taught us. My deepest condolences to his family.
-- Bruno Crispo
I'm sad to hear that Ross Anderson has passed away. In 2005-2006, I had the privilege, as a grad student, to visit Cambridge and work with Ross and members of his lab.
Ross was always deeply insightful and no BS. In the last email he and I exchanged, he was encouraging me to pick my battles, and said with his characteristic wit: "If I were to kick every asshole I meet I'd have died in jail long ago."
RIP Ross, and my deepest condolences to his friends and family.
-- Ben Adida
That is sad news for the security community. I have only just read that Ross Anderson, an inspiring author and security expert, has passed away. I read his book, Security Engineering, many years ago and often referred to it. I found it to be an excellent resource when starting out in Security Engineering. It's no surprise that I still say it's a must-read book for anyone interested in the field.
We lost a prominent community member, but his legacy will live on. Prof Bill Buchanan has expressed our loss beautifully in a fitting blog post. You can read his tribute to Ross Anderson here.
Rest in peace, Ross Anderson.
-- Steven L.
This is incredibly sad news. Prof Ross Anderson had a formidable brain & fierce integrity.
He could sometimes give us in the security services a difficult time, but that's because he cared, & really knew his stuff. And he knew how to disagree well.
A life very well lived
-- Ciaran Martin
Very sorry to hear that Professor Ross Anderson passed away last night. Aside from his (numerous) contributions to Information Security, he was a mentor to and advocate for many researchers in the field. He will be sadly missed but leaves behind a strong legacy.
-- Steven Murdoch
Ross was far more. He had a pivotal role in preserving the unique position of Cambridge as "The Devils Flamethrower", where falsehood is exposed and academic freedom and intellectual property rights are preserved and not brought to heel by the University "authorities".
"The Devils Flamethrower" was the title of a small piece he wrote for the TES on what made Cambridge unique as a University. It is now, ironically, behind a pay wall.
Luckily his longer "Alternative History of Cambridge" is not.
I will include links to both in comments below. I will also look up my review/reply when I could not resist listing some of the spies and spymasters produced by Cambridge as similar seekers after truth and exposers of falsehood.
Our last exchanges were during Covid. He helped me with the introductions produce an authoritative (with references) private political brief on why the plans to use blue tooth (via well known ranges of smart phone) to aid track and trace would produce so many erroneous contacts as to be worse than useless.
Whatever our "public differences" he was always very helpful in private when it came to teasing out the best way forward when the lobbyists on neither side knew what they were talking about and those briefing them had no wish for the realities to be discussed in public.
-- Philip Virgo
In 2002, he invited me (with all expenses paid and a nice stipend) to deliver a lecture, "The Electronic Voting Enigma -- Hard Problems in Computer Science" at the University of Cambridge. This was back when explaining the many ways that electronic voting systems could (and still can) be rigged to alter election outcomes, did not automatically identify one as a conspiracy theorist. (Instead, the word "Luddite" was often used.) During my visit, Ross arranged for a private meeting in London where we spoke with members of the U.K. Cabinet.
We also had a special tour of the Houses of Parliament, which I will never forget. As a long-time Professor of Security Engineering, he was well-ahead of most in raising the red flag on a broad range of technology issues that continue to be problematic. His voice and tireless advocacy on these subjects will indeed be missed.
-- Rebecca Mercuri
I wasn't lucky enough to have more than occasional dealings with Ross. But each left me smarter -- and, perhaps more important, wiser. UKCrypto was indeed a marvel, and Ross (along with Casper, Ian and so many others) made the world appreciably better than how he found it. RIP, pal. You were a star.
-- Jeremy Scott-Joynt
I could not believe my eyes when I saw the sad news that Ross Anderson had passed away yesterday. This is a great loss of the cyber security community. I believe many will agree with me that Ross is one of the greatest cyber security researchers, educators and influncers in the UK and worldwide.
I exchanged emails with him in mid Jan regarding using some of his reports for my updated teaching materials on Online Safety Act 2023 and planned to contact him again in the next weeks for something else. I still remember his invited talk for ICICS 2022 very well, when he planned to come to Kent but had to switch to an online talk. Like many of his other talks, the ICICS 2022 talk was very insightful and well received.
May his soul rest in peace!
-- Shujun Li
We miss him deeply, yet he will remain an inspiration to countless individuals. He exemplified an admirable set of values and principles treating others with respect, dignity and as his equal. As a FIPR volunteer I felt apprehensive at approaching him at first, but Ross's humility put me at ease. He prioritised collective progress over personal ego, focusing on what's important and ahead of us.
-- @Des
22+ odd years ago I emailed Ross out of the blue. At the time I was working at a small startup attempting to build mobile banking infrastructure for rural poor in South Africa and elsewhere. I was after a copy of a paper he had mentioned in a talk and Ross replied with a blunt to the point email about how hard he thought the problem domain we were trying to tackle was (along with a pointer to the paper I had asked about). I remember being slightly annoyed by the initial tone of his response, but it got me thinking - then thinking a lot more. There were some very well thought out reasons behind his arguments. I replied a few days later with a detailed list of how we were addressing his concerns along with some others he hadn't mentioned but also acknowledging the areas we needed to dig into further. I didn't really expect an answer, after all, I didn't know him, but he had got me to think hard on key problems and I wanted to acknowledge that.
We got a lot more than a simple reply. We got his focused feedback, constructive criticisms, pointers to other work he thought was relevant, general support, some key follow up conversations on the phone, followed by introductions to folks he knew in industry who he thought could help (who would have never entertained us at that stage otherwise). While the startup eventually didn't make it, many of the ideas we worked on did. Of the folks that we met through that whole adventure, Ross was one of the standouts. Yup, he was very good people indeed and will be sadly missed!
-- ptrott2017
Very sad that Ross Anderson has died unexpectedly in his sleep. He is a hero of cybersecurity and technology policy. I am in absolute awe of how much he got done not only as an academic but as an organiser and a true, unpaid (beyond his professorial salary) servant of the public, answering every relevant call for expertise. He is deservedly the most cited person on Google Scholar for Technology Policy.
I'm sure others who know more about his work and him more personally will write better posts. But I just want to say how much I admire him and his work and to share a picture I took the one time I visited him in his office at Cambridge, in 2018.
-- Joanna Bryson
He had a huge influence on me and my thinking as a grad student, and was one of the creators of the security economics field. I'll also remember him for, after a few drinks, working hard to convince impressionable young scholars about the importance of the Scottish enlightenment, and the superiority of Cambridge to Oxford.
-- Allan Friedman
In Memory of Professor Ross Anderson: A Titan of Cybersecurity and Digital Privacy
Today, we mourn the loss of Professor Ross Anderson, a pioneering force in the realms of cybersecurity, digital privacy, and smart card technology. His groundbreaking work has left an indelible mark on the field of computer science, shaping the way we understand and implement security in an increasingly interconnected world.
Key Contributions
- Co-invention of the Needham-Schroeder protocol, enabling secure communication across global networks without prior identity knowledge.
- Significant advancements in smart card technology, enhancing the security of devices we use daily, from credit cards to passports.
- Development of APIs with a focus on security and privacy implications, contributing to safer software applications for all.
- Authorship of "Security Engineering", a seminal text in security studies, and vocal advocacy for privacy rights in the face of global surveillance.
Recognitions
- Elected Fellow of the Royal Society (FRS) and the Royal Academy of Engineering (FREng) in 2009 for his pioneering contributions.
- Awarded the prestigious BCS Lovelace Medal in 2015, highlighting his extensive contributions to the IT industry and academic research.
Professor Anderson's work transcends academic accolades, impacting policy debates on security, privacy, and human rights. He established security economics as a critical academic discipline and tirelessly worked towards a world where technology serves humanity's best interests.
As we reflect on his remarkable legacy, let's continue to push the boundaries of what's possible in cybersecurity, inspired by his vision and dedication. Ross Anderson's influence will undoubtedly persist, guiding future generations towards creating a more secure, private, and equitable digital world.
Rest in peace, Professor Anderson. Your legacy will not be forgotten.
-- Rafael Narezzi
He attended one of our seminars at Oxford of the research group I was part of. I was too dumbstruck to say anything, being in the presence of such intelligence and wit. No, he did not convince me that Cambridge was better, though. May he rest in peace!
-- Debora Weber-Wulff
Ross was one of the few people I could guarantee would be even more angry than me about infringement upon the right to create code and run it.
There are no words to express the loss to the causes of information security and freedom to communicate.
-- Alec Muffett
One of the most influential and respectable information security researcher and activist just passed. I remember his works in cryptography and cross-disciplinary research being among the most interesting and influential during my PhD years. His book Security Engineering is probably the best in its category, in particular the 2020 third edition.
He will be missed, the information security field and community owe him so much, his book Security Engineering is a classic and many of his articles are must-read for infosec students and practitioners.
-- Jean-Philippe (JP) Aumasson
It is with great sadness to learn of the passing of Professor Ross Anderson, a leading campaigner for digital rights. He inspired so many and ignited my interest in Information Security with the paper "Security Economics and the Internal Market". His passion & advocacy for privacy and the security of the individual will be a great loss.
-- Dan Myers
Remembering Ross Anderson: A Pillar of Security Engineering and Advocate for Privacy
We are deeply saddened to announce the passing of Professor Ross Anderson, a distinguished figure in security engineering and a revered academic at the University of Cambridge. Renowned for his groundbreaking contributions to computing, including machine learning, cryptographic protocols, and hardware reverse engineering, Anderson's legacy is marked by his commitment to privacy, security, and education. His work earned him prestigious accolades, such as the British Computer Society's Lovelace Medal. Ross's brilliant mind and passionate advocacy for individual rights have left an indelible impact on the field.
Rest in peace, Professor Anderson; your legacy will continue to inspire generations to come.
-- Yusuf Purna
The security community mourns the loss of my friend, Dr. Ross Anderson, a professor at Cambridge. He was one of the driving forces that linked security, cryptography, and economics. His classic book, Security Engineering, third edition, was the impetus for my new book on Insecurity Engineering. I would not have embarked on the project without Ross' suggestions, ideas, and input. He will be very much missed on a global basis.
-- Marc Weber Tobias
I am shocked and deeply saddened to hear that Professor Ross Anderson passed away. He was a giant whose work on security engineering, cryptography, and cybersecurity policy was so much more than just technical research. His insights into social and political impact of how security is applied and where the buck stops (like with issues of where the responsibility for stopping fraud lies or restrictions of access to cryptography) should remain a role model for all security professionals in terms of ethical responsibility of our work.
I remember very well that I hoped to meet Professor Anderson during the Cambridge International Symposium on Economic Crime in 2017 where he was scheduled to talk, but ultimately unfortunately could not appear. I regret very much that there won't be an another opportunity.
For those who might not be familiar with his work I can't recommend enough Security Engineering, which should be a mandatory reading for security practitioners and is unique publication in terms of how comprehensively it deals with the topic.
-- Kamil Bojarski
A huge loss to his family, his friends, students, and colleagues, and to the community. I've known Ross since before he finished his PhD (under Rodger Needham, who was also taken from us too soon).
I'm just stunned. I'm still having trouble processing that he's gone.
-- Matt Blaze
RIP to Professor Ross Anderson. He was the first and the main contributor of the whole economics of Information Security field and Technology Policy, among many many academic and non-academic other contributions he had, some of which can be found in his personal page and blog. I had the honor to defend my PhD thesis with him in my committee. May his way of thinking and looking at life continues in this world through his friends, colleagues, students and followers.
-- Samaneh Tajalizadehkhoob
I've been struggling to find any words at all right now. Until reading this.
But yes 100% the Ross I knew spent a huge amount of his energy helping individuals with their problems and stuck by those people for years at a time. He was not just political grandstanding on some important societal/political issue. I've known folks spend their lives doing one or other but rarely both like he did.
And yes he wasn't afraid to pick a fight and yes he could come down hardline on the opposite side of an issue to you, but those positions he held came from absolute sincerity, and you have to admire that.
I'm missing him a lot already
-- Mike Bond
I always loved hanging with Ross at Cambridge (in all of the various campus instantiations). Probably the most fun was being unruly in the Fellows lunchroom. He had a very fun spritely streak that I am glad to have experienced.
-- Gary McGraw
Very sad to hear of Ross Anderson's passing yesterday. The industry only moves forward when pushed, and few pushed harder than Ross.
I had the honour of being a reviewer on the third edition of his book, and to have the benefit of his professional input for over twenty years. If you ever thought you knew anything, Ross could definitely make you reconsider.
Despite the longer daylight hours the world is a little darker today. We are only lucky that Ross has left such a lasting impression that his legacy will endure.
-- Jon Geater
It's in large part because of Ross's advocacy and research that the security community now takes for granted that systems designers should think about the human outcomes of security. He changed the way people thought about security to the point where young researchers today (like myself) see it as almost obvious that we should remember usability, economic factors, etc. He gave so much and asked for very little, and he will be much missed personally and professionally.
-- Jenny Blessing
Sad to hear of the passing of Ross Anderson. For a lowly undergrad attending his security courses, the first few lectures seemed almost deliberately obtuse. Those that stuck around though were treated to stories of international espionage, incredible hardware hacks such as reading CRT displays through brick walls, and a cutting disdain for the overconfidence of governments and corporations in their technology twenty years ahead of its time.
RIP Professor, keep fighting the good fight.
-- Dan Borthwick
It is with sadness that I learned of the passing of Professor Ross Anderson. His pioneering work on security engineering and his deep involvement on issues of digital rights impacted so many. His Systems course at Cambridge was highly influential for me. The course focused on systems thinking within the field of public policy. We studied thought-provoking case studies to better understand why constructing, outsourcing or modifying complex information systems often fails. It soon became my favourite course to attend while at Cambridge and it impacted many of the choices I made in the following years.
Now working closely with software engineers at OffSec, I am able to further appreciate what I learned then. His words will continue to resonate: "Incentives matter as much as technology for the security of large-scale systems. Systems break when the people who could fix them are not the people who suffer the costs of failure."
-- Oriane Gaillard
Deeply saddened to hear about Professor Ross Anderson's passing. I was lucky enough to take his class while at the University of Edinburgh. His excitement and seemingly endless knowledge of everything security-related further ignited my passion for the field. In addition, he showed me great kindness through never making me feel bad for answering a question incorrectly during discussions and creating a classroom environment where students felt comfortable engaging with him.
-- Kristy Jorgensen
Got to know about the demise of Ross Anderson only recently. Felt very sad, I am a great fan of Security Engineering book by Ross. A text book for security professionals and is a one of the most valuable asset for security studies. Will miss him for sure.
-- Subramaniam Sankaran
I never got to meet Ross in person while visiting Cambridge to be honest, but looking at the great atmosphere around there among students and mentors of the different departments, one could tell with confidence that great science was in progress there. Great legacy never dies.
-- Alvaro G
Deeply saddened to know that Professor Ross Anderson is no more. He passed away last week at his home in Cambridge. I had known Professor Ross for more than five years now and got to spend some good amount of time discussing various cyber security problems and tap onto his vast knowledge and body of research.
This is a huge irreplaceable loss to the cyber security industry. RIP Professor Ross, I will always cherish our time together and will continue to draw from your research and its application to cyber security problems.
-- Vishal Salvi
Today, I mourn one of my teachers.
I didn't have the chance and honor to ever meet him in person, but, with his books, articles and publicly available lectures, he shaped my understanding of the IT security field like no other individual.
Today Ross John Anderson is no more and this is a great loss for our professional community. RIP and thank You for the wisdom You shard with us, Professor.
-- Michel Banguerski
Rest In Peace Professor Ross Anderson (1956-2024)
Ross Anderson has been actively involved in the Workshop on the Economics of Information Security (WEIS) for many years, one of the rare cybersecurity and data privacy events that impressed me and taught me so much. He has often participated as a speaker, panelist, or attendee at the conference. Additionally, Ross Anderson's research in the field of security economics, particularly his work on the economics of cybercrime and security investment, has contributed significantly to the discussions and advancements within the WEIS community. As a respected figure in both the fields of computer security and economics, Anderson's presence and contributions have helped shape the dialogue and research agenda at WEIS.
We must persistently and generously share cybersecurity knowledge, echoing the commitment demonstrated by Ross Anderson over the years.
At this challenging moment, my heartfelt condolences go out to Ross Anderson's family and colleagues.
-- Hadi El Khoury
I cannot believe this. Rest in peace Ross. I'll always remember the advice and the kindness support that he gave to me and my family in Cambridge. My most sincere condolences to all family and friends.
-- Sergio Pastrana
Prof. Ross Anderson was a great mentor to me. He was more than a giant in s&p. His deep passion and curiosity about humanity and human history deeply encouraged me. "We felt so ethereal as if we were ascending into heaven and becoming winged immortal." Ross will be remembered.
-- Jingjie Li
Today, I remember Professor Ross Anderson, a key figure in my journey as a security engineer. His pioneering work in chip card security had a profound impact on my career. His legacy at the University of Cambridge and in the field of security engineering will continue to inspire many.
Rest in peace, Professor Anderson.
-- Paolo Pochendorfer
I knew Ross in the mid-1970s when he was a rebellious undergraduate with a brilliant mind and joy for life. We picketed up again when we both started studying for belated Ph.Ds in the 1990s. He was still much the same as he was as an undergraduate but had acquired considerable wisdom. A marvellously complex man who had the gift of making things clear and simple. He will be greatly missed.
-- Keith Tayler
Ross Anderson has been one of my primary resources for information security engineering and I have often referred his work to my infosec students. Having trouble accepting that he is gone at age 68 or thereabouts, being a very seasoned old Phart of 88.
-- John Glover
Today I was reviewing the articles either authored or co-authored by Ross related to AI, LLMs and ML. Following that I was just reviewing the comments that Ross had made about being forced to retire from Cambridge, aged 67, in 2023.
Then I decided to visit the Schneier on Security site to gather more insight about the AI hype that seems to be gripping everyone. I am gob-smacked to learn that one of my all time favorite security gurus has passed.
Hard to fathom such a loss for this old Phart of 88 years. I guess there is truth to that old saying "the good die young". A devastating loss indeed.
Mere words cannot convey the sorrow to learn of this loss and then to try to offer condolences to his family, close friends and colleagues. R.I.P. and the heavens have inherited a very fine mind.
-- John Glover
This is the man who fought for crypto research to be fair and open across borders, and led the movement for US / UK to legally export crypto.
We have lost not only a great researcher and teacher, but the sort of man who led our community in standing up to bullies and politicians.
-- H. B. Acharya
Very sad news indeed for the security community. A man who was always honest and fought for justice in privacy. RIP Ross. You were a legend in Security Engineering. I even requested for my own professorial title in Security Engineering as I followed your steps.
-- Raj Rajarajan
This is deeply sad news. Professor Ross Anderson was one of the great influences that led me into the world of cybersecurity. His wealth of knowledge and championing of academic freedom and ethical research were simply inspiring. The world has just lost a titan of technology. My thoughts are with his family at this difficult time.
-- Colin Ife
We lost a valuable fighter. Ross was still a great privacy advocate during the recent crypto war renewal.
-- Frederic Martin
I had the privilege to work with Ross at SafeDoor, the high-security e-commerce startup I helped to launch in 2001. He was a very astute constructive critic. Incidentally, on that assignment, Ross brought along with him his student Richard Clayton, famous as the author of the Turnpike online software acquired by Demon during their spectacular rise. He was a fascinating man also.
Sorry to hear he is gone.
-- Rob Jordan
It is with great sadness that we were informed about the passing of Professor Ross J. Anderson. Professor Anderson's work on widening the scope of study of Information Security shed light not only on the technical but also the social and political aspects of the field. It was pioneering work. He will be sorely missed.
-- George Magklaras
Very sad to hear the loss of Professor Ross Anderson. I have had the honor of spending several moments over several years talking to him about decentralised offline mobile payments (without blockchains).
-- Arjuna Sathiaseelan
Very sad news for the security community. Ross and his student Nicholas Boucher gave a wonderful keynote at LangSec 2022, less than two years ago. He has been research active until the very end.
RIP, Ross.
-- Gang Tan
Very shocked and saddened by this news. Perhaps not everyone knows that Ross had a very keen interest in psychology too. We talked frequently about the application of inoculation to information security. Such a brilliant interdisciplinary colleague. He will be deeply missed.
-- Sander van der Linden
Security Engineering was - I think - my second ever purchase from a still burgeoning online book store named after a famous big forest. July 2001. One of those rare items you get disproportionately excited about receiving. Like a kid lusting after a toy for months finally waking up on Xmas day. Over the next few weeks poring over it, studying ever page and following numerous references, a kid hacker turned into an adult proud to now call a contentious hobby an 'engineering profession' and with a much, much broader perspective on the subject.
He's left a huge legacy. I'm sure I'll be stumbling upon his papers and enjoying them for decades to come. My condolences to his family, and all who knew him personally.
-- Blazde
Ross was really special - he gave no quarter to politicians or PR journos whose arguments and defences were filled with "special pleadings". All of us in the security community are going to miss him and his generosity with ideas. He could truly inspire great insights. One of his greatest gifts was in how he negotiated with Wiley, his publishers, so that his book Security Engineering is not locked away in a copyright ghetto. Instead earlier editions are available to freely download and the current edition has a limited life as a premium publication. His lectures contained infectious humour. I commend to everyone his fifteen lecture series which he made available during lockdown to everyone who was interested in these topics via the web.
-- Alistair Kelman
Had the pleasure of chatting with him over coffee at a security conference several years ago. Very knowledgeable and we hit it off, especially discussing security surrounding medical records and issues therein. A real gentleman.
-- Terrence Bayrock
I first noted his work when he first talked about Palladium/Next-Generation Secure Computing Base, which is not-so-slowly finding it's way into mainstream computing devices. He predicted what we are seeing now with locked boot loaders and the ability of manufacturers to prevent 'unauthorized' software running on a system years before it actually started happening. Considering he was only a few years older than I am now, it makes me think both of how little I've achieved in comparison, and of my own mortality.
-- Peter Gathercole
What a shock. The last time we interacted was when Ross very kindly let my son spend a day with the Security folks at the CL. A lovely chap. I will miss him.
-- Pilgrim Beart
Programming Satan's Computer and It's The Anthropology, Stupid! formatively influenced my approach to information security and privacy, and are perhaps two of my all time favorite security papers that I still occasionally re-read for inspiration/joy.
RIP Prof. Anderson :(((
-- Lizard Queen
May Ross rest in peace. He was one of my cyber security heroes. He will be remembered for his leadership.
-- Amgad Fayad
Our paths occasionally crossed, mostly by "electronic means" as has been the way society has turned these past three decades.
Ross had a passion for the well being of people against those that would seek to do them harm. Thus had a very real interest in their privacy and security in the changing face of society and economics the technology brought.
From memory our first direct contact was back in the early 1990's over the use of RF to force free running logic circuits to become synchronised (injection locking). Thus opening a doorway to other attacks on the likes of Smart Cards.
As part of it I pointed out that the use of RF was a two way street, not only injecting signals in but also for pulling them out (which I'd demo'd on pocket gambling machines and electronic wallets). Back then the general assumption was "TEMPEST" was sufficient and if it did not radiate then it was secure. As PC's were mainly steel boxes with few cables entering or leaving thus approximated faraday shields many thought they were secure.
This was not true as I'd found by independent research that by "illuminating a current carrying conductor" you could get it's waveform to be carried away by an RF carrier a considerable distance.
As I mentioned to Ross back then the keyboard cable was the easiest cable to attack with RF. It also had the advantage of being at "the users fingertips" input interface. Thus was an especially useful attack vector as it would reveal passwords and other secrets (a fact not lost on later developers of hardware "key-loggers").
Ross was kind enough to put me in contact with another researcher in Belgium who was investigating injecting pulses of energy into chips via "pico-probe" coils.
Ross had a reputation amongst some of possessing "a sharp tongue" and both a wry and dry sense of humour. The latter I saw pop out from time to time but the sharpness of tongue only on those really deserving of rather more due to the injustices they inflicted on others.
Like many others I always found Ross to be approachable and gentlemanly in a way seldom seen these days, and he would often go out of his way to not just help but inspire people a rare quality the world could do with a lot more of.
Less well known is Ross had an interest in music and actively researched it. So for Ross, Highland Cathedral played by "The Phantom Piper". In memoriam Ross, rest in peace.
-- Clive Robinson
Sound the pibroch loud and high. We lost Ross Anderson yesterday. He was many things: security researcher, teacher, cryptographer, blogger, Cambridge professor, consultant, conference organiser, FRS, FREng, campaigner and piper.
If you want to understand cybersecurity, there is no better way to start than by reading Ross' book: "Security Engineering". Typically for Ross, chapters are freely available on Ross' home page at the Cambridge Computer Lab. Or by watching the Security Engineering lecturers he recorded with Sam Ainsworth (Edinburgh University) and uploaded to YouTube.
Ross showed us the importance of thinking clearly about security. Not the hype, but the engineering.
He was always willing to listen to new ideas, consider them fairly and to share his insights. When I started thinking about the implications of Post Quantum Cryptography it was Ross that told me to think about compliance, audit and cyber-insurance in large enterprises.
Ross' legacy is in the students he taught, the PhDs he supervised and the people he inspired. I will miss him.
-- Zygmunt Lozinski
He was a great inspiration and I will always cherish his lessons
-- Marco Caballero
Ross was a legend. The academic and hacker communities have suffered a tremendous loss here. His name will carry on into eternity.
-- Meredith L. Patterson
I am going to miss chatting to Ross about security and privacy news, and his support for several public events I put together. Condolences Shireen and all the family, friends and colleagues.
-- Tony Naggs
That's tragic news and hard to believe, as I received a typical "what's going on in..." email from him just a few days before, asking about the ongoing smart metering fiasco.
Ross was such an inspiration and this is a great loss. I hope that his pioneering spirit has been passed on to the generations of students he taught. I think everyone who met him learnt something. We need to honour his memory by applying those principles.
-- Nick Hunn
Professor Ross Was one of my teachers at the Computer Lab. I had frequent emails with him even years after I left the lab. His strong desire for security really put it even more into me.
Once in class we were discussing vulnerabilities in vehicles, this was about 4 years ago. He asked "whats the worst attack one could do", he got super annoyed that we didnt have a good answer, banged his hand on the table, full-red faced shouted "No, the worst attack is to remote compromise the cars, lock all the doors, increase the heat, put them drive and kill everyone". Well, he was right, that was the worst attack. You could see from his face he was dissappointed his students did not realise, maybe he felt bad of his teaching, but his teaching was phenomenal.
It is really a sad day, the world has lost one of the worlds best security professors ever. He will be dearly missed.
He taught me the tricks he used to get people in power to listen, advice I would never forget.
-- Anonymous
Ross gave a 80-minute interview to Elisabetta Mori of Archives of IT on March 12, 2024, two weeks before Ross passed away. He talked about his childhood, becoming interested in math and later security, his consulting career, and later how he decided to seek a PhD.
Ross was very generous and welcoming to me and my research. It didn't matter that he was a one of the most accomplished people in security—he was open to new people and ideas in security. And he was a gracious host for the Security and Human Behavior workshop. I'll always remember punting with Ross on the River Cam.
-- Tony Vance
Prof Ross had a truly brilliant mind and a big heart. My exchanges with Prof Ross ranged from having picked up a small discrepancy in his masterpiece Security Engineering (I was later chuffed to learn that I was the first of two people that had), to incorporating his amazing lectures in some of my own course design and delivery, to chats about the Crypto Wars, among some other topics. All too brief now. Prof Ross was a giant of the security world, who leaves it a better place. My thoughts are with Prof Ross' family. Truly one-of-a-kind.
-- Ben
Prof. Ross Anderson interviewed me for MPhil ACS in 2020. Sad to hear of his passing. RIP.
-- Abdul Basit Chaudhry
Professor Ross Anderson - RIP. One of the greats.
-- Raymond Pompon
Sad news. Ross was a legend.
-- Mikko Hypponen
RIP. His book is a must. I wish I had found it earlier in my career.
-- Martin Obiols
We mourn the loss of security researcher Ross Anderson. His contribution to information security and digital privacy was significant. His book Security Engineering is a cornerstone for everyone diving into the complex world of digital security. Ross taught at the University of Cambridge and Edinburgh University. He was a very prolific writer and published insights into the technological aspects of information security. He will be missed.
-- Rene Pfeiffer
Prof. Ross Anderson, RIP.
I've learned a lot of things through his book, that sometimes, I used it as a technical reference for security research. I love his style of explaining complex things in a simple way - and, I've never had the pleasure of meeting him in person.
-- Aron Okbajohannes
I wrote to him during lockdown because I found his book free online and there was an error in one of the chapters. He didn't know me at all but he was so gracious receiving comments from me. It seems a great shame that I will no longer be reading anything by him.
-- Phil Maud
On this special Ching Ming lunar day, learned the saddest news of Ross' unexpected very early departure announced officially yesterday -- his intellectual inspiration, intelligent innovation and international impact throughout his time as my dissertation supervisor and the time beyond shall be greatly missed by all who knew him -- thank you for your commitment, contribution to our growing academic genealogy in science and technology from GG and IN... R.I.P. Ross [candle]
-- John Li
Ross Anderson passed away last night. Very sad and unexpected news.
Among the many contributions that others will highlight, Ross took the initiative to create Fast Software Encryption in 1993 - a small workshop in Cambridge that started a vibrant research community.
Today was the last day of FSE 2024 in Leuven.
-- Bart Preneel
Very sad news indeed. As well as being an undisputed expert in his field, Ross was a very nice guy. I remember visiting him in Cambridge and being quite surprised by the extent to which he was up to date with modern theoretical physics. I suspect that this was only one of many hidden talents. Terrible news.
-- Steve Purser
I had the luck to meet prof Ross Anderson at several occasions in Cambridge (as Fellow at the University) and it is incredible to learn that he passed away. Much too soon for such a bright mind.
-- Florent Frederix
I'm really broken by this bad news. Ross was a friend, a coauthor, an advocate of the strong privacy, as me, and helping really the people in need against the arrogance of some british banks. He wrote a very important book about cybersecurity, still in use. He was a brilliant orator at many conferences. Creator of links. Don't forget him. Let us create a prize with his name.
-- Jean-Jacques Quisquater
I met Ross at a College dinner -- when he'd arrived hot-sandaled-foot from one of the early Glastonburys with a college gown hastily pulled over his festival gear. For all the reasons people have given above, I became a keen admirer of his computer security work and his Feynman-esque ability to cut simply through nonsense. "Nullius in verba" indeed, a fine life and a loss to all.
-- Dirk Fieldhouse
A great loss to his family and friends and the world. I met him a few times, he pushed back against the BS so rife in the country, told it as it was.
-- D Evans
I still remember the day in 2023 when Ross and I had our PhD interviews together. He shared his story about his PhD journey with me. Rest in peace, Ross.
-- Peilun Wu
Very sorry to hear the sad news and loss of Ross Anderson. Met Ross many times to discuss the security shortcomings of design decisions of the past, the challenges of today and emerging concepts in security we need to address in the future. He was a pioneer in security and a titan amongst peers with a dedication and wit to match.
-- Gilbert Verdian
RIP Ross Anderson
He was one of that generation of scientists who wrested modern cryptography from the military and turned it into a public good.
-- zooko
An awful shock. Not sure whether I don't slightly blame the University of Cambridge (since the mind casts around for cause at random horridness of the world), given Ross had been complaining about the retirement policy that was pushing him out while completely all there.
-- Guy Herbert
RIP Ross, you did your best to keep me up to the mark.
-- David Anderson
Very sorry to hear of the passing of Ross Anderson. We were privileged that he came to a workshop that informed the malicious use of AI report, where his insights were deep and invaluable. Not just brilliant, but also clearly a deeply moral man.
-- Sean O hEigeartaigh
Ross was a delightful person. He was a true advocate of security and privacy. I remember going into a debate on this with him and crossing ideas. Ross is a genius and his name will live forever.
-- Brecht Wyseur
As well as being a "security person", Ross was a secure person. By that I mean, regardless his status, he had time for others. For minor professors from backwater universities and their students. Sometimes I sent students his way with something I didn't quite get, and they'd come excitedly into the next lecture saying "Hey, Ross replied me!", and we'd go through it together.
If I felt intrusive, as if wasting his bandwidth with my ideas, he'd reply in depth, warmly and humorously, validating, suggesting further research, encouraging.
We enjoyed talking about clear communication and writing, about the least words to say something, about publishers, and about the failings of academia as a place for security research.
Only later did Ross twig who I was in previous life in sound physics and we were able to briefly touch on a love of music.
It's said that the definition of a gentleman is someone who knows how to play the bagpipes but chooses not to. Ross Anderson disproved that, as a piper and a gentleman.
-- The Cyber|Show
My deepest condolences to you and everyone whose life he touched. He not only possessed a brilliant mind, but the even rarer ability to clearly explain his insights.
-- William
I met Ross when I was the security reporter for a computer trade weekly. He was unfailing in his patience with me, always ready with a quotable comment, and most importantly, respectful of my deadlines. He was rare indeed. The world seems a little darker without him in it. To his family, I am sorry for your loss. He is irreplaceable.
-- Ian Grant
Sorry to hear of the death, at 67, of Ross Anderson, a long-time denizen of the Cambridge University Computer Lab, true greybeard and one of the cybersecurity greats. I knew him (though not well) both professionally and personally, and he was an insightful, passionate and hugely intelligent man. His book Security Engineering is by far the best in the field, and my go-to suggestion for anyone serious about building a career in security. I salute him (and his bagpipes).
-- Mike Bursell
Ross was a significant, if understated influence on our encryption advocacy work over recent years. His defence of secure systems that protect confidentiality was factual and balanced. I will remember him as intellectually rigorous, principled, and above all, humane.
-- Robin Wilton
Ross Anderson coauthored my 1st publication on work that eventually evolved into my PhD thesis (on secure routing in decentralized networks). I was a theorist, he brought pragmatism to the subject from deep experience.
Still influences my worldview 20 years later. Rest in peace.
-- Chris Lesniewski
No!!! Can't believe it! So sudden! Deeply sad! He was a gem, learned tons of things from him. His legacy will stay with us! Rest in peace and light!
-- Derya Karli
Oh no, I hope he rests in peace. I read many of his ideas which led me to choose a career at the intersection of cryptography and economics. Thank you for everything.
-- Abhimanyu Nag
I have met Ross for the first time at FSE 1999 (in Rome). And a few other times over the years. Ross had a deep understanding of security - not just the technological aspects of it, but also the societal aspects of it, which back then was not a common approach.
-- Orr Dunkelman
Ross also provided a lot of his work for free. Which is incredibly generous, as his work is excellent. It's through the distribution and sharing of ideas that we learn, and this only happens due to the hard work of champions of academic freedom. There are few among us.
There is no freedom without knowledge. It is the essential tool with which we overcome fear and misunderstanding. With understanding we learn to avoid repeating catastrophic mistakes.
Cambridge Computer Laboratory and the people who have worked at Cambridge have contributed an enormous amount to many subjects, efforts which have often been crucial for important issues. Freedom of communication, government overreach, chat control and backdoors...
Without people like Ross Anderson such knowledge remains locked up and inaccessible.
-- ResearcherZero
As a professional with only tangential conections to the security world (20 odd years ago), his work and unexpected insights pulled me closer and closer. It started to be more like a philosophic aproach to the enderstanding of various incredibly complex systems and I enjoyed it tremendously (still do).
R.I.P Mr. Andersson.
-- Anonymous
I was in the room when Ross was summoned outside and served civil papers that halted in the nick of time his presentation regarding the Millenium Digital Copyrights Act. Let us not forget his self assured sense of independence and liberty and his brilliant, side splitting sense of humor. For example, as demonstrated in his short speech when he returned to the podium still holding his latest book displayed full frontal in front of his heart, as he had just done while the press shot pictures of him being served the papers and asked him questions after.
What a guy. I still use to great effect a few quips he made during our brief conversations during a riverboat ride at that conference.
-- Steve Russelle
A sad loss. Security Engineering is one of the best and most readable technical books I've ever encountered, and was very formative in my understanding of computers. Pick up a copy and read it in his memory.
-- Tiarnan de Burca
So sad hearing this. Ross was an incredibly useful source because he would tell you fiercely and immediately when you were wrong. He was the person who helped me understand the DeepMind/Royal Free story, by walking me through the Information Sharing Agreement
-- Hal Hodson
That's a tragedy. A really exceptional man and we lived on the same staircase as undergraduates in Cambridge and then my office in the Computer Lab was 3 doors from his.
-- Stephen Allott
Very sad to read of the passing of Ross, who I had come to know recently through Churchill college, where he had been a very active SCR member. A very distinguished academic at the cutting edge of data security, he is succeded by the countless numbers that he educated.
-- Will Watson
This is such sad news. RIP Ross. We didn't always agree but I hugely respected your intellect and what you did for the community. Gone but never forgotten. Your work will be your legacy
-- Wendy Hall
I'm so sad that we've lost Ross. He was so supportive and helpful when I co-founded the Open Rights Group, and never minded when I asked him stupid questions. He was a titan in the digital rights and security world, and he will be hugely missed.
-- Suw Charman-Anderson
We will miss you - your tireless pursuit of a better digital world with privacy and security, your critical voice, your sound contributions. You were a great teacher and role model for students throughout the world! Thank you for taking your time to teach us.
-- Janni
I was absolutely shocked yesterday to find out that Prof Ross Anderson died on Thursday.
He was a brilliant man, a pioneer in cybersecurity and had a strong sense of justice. And from personal experience, he had a lot of patience when explaining complex technical jargon.
RIP
-- Oliver Price
I only knew of Ross through his publications, but greatly appreciated the work he did to bring the topic of Computer Security into the public domain. His wider activity as a fearless expert in the field shone a bright light on concerns which many would have preferred not to be known about - and were again of great interest to the likes of me trying to maintain an awareness of the issues that affect important aspects of our lives.
I have seen several accolades written by those who knew him personally, and this adds to the sense of loss. He leaves a great legacy, and I hope others will be inspired by his life and work.
My condolences to his family, friends, and colleagues.
-- SCP
So sad to hear this. I had just ordered the latest edition of his Security Engineering book. Read lots of his security rated papers and I was once a student of his Security Economics program on EDx. We lost a great mind way too soon. May his soul rest in peace.
-- Amakiri
I met Ross once, some 30 years ago, at a business meeting for editors of a set of journals, so I can't claim to have known him well. But I still remember that his presence in the room was electric, and the breadth of his knowledge and his natural authority were striking. One of those people whose presence stays with you for a long time.
Condolences to his family, friends and colleagues.
-- Robin
This is so sad. We should remember one other thing about which Ross was passionate: playing the bagpipes. He told me that he played pipes in pubs to make money in college, and the nice thing about being a piper is that there were no other members of the band with whom you had to split the money. I remember sitting in his yard listening to him play a small set of pipes at the end of the day. As with anything else, he was very scholarly about piping--he corrected the music historian at the BL about the attribution of one piece because the tune contained a note too low for the pipes played by that piper to sound. He was a man of many talents. We will miss him greatly.
-- David Clark
Hearing it was a shock, in part because Ross was only a little older than many on this blog.
In part because Ross was an individual who was dynamically alive. Not just curious about all around but determined to find out not just why, but where things were destined, and where appropriate warn.
He will be missed not just by the people that knew him, and knew of him through his work and influence, but also by those that he would in his gentle way have helped.
As always it's difficult to describe in a few words what a person ment not just to yourself, but others. In Ross's case this is made all the harder because of his nature, his kindness and his desire to lift others up.
There is a belief in some Native American and other belief systems that you live on in others thoughts and memories.
So, Ross, may your spirit carry on to invigorate and teach others both in knowledge, capabilities and honesty of behaviour and purpose. And may others come to know you long into the future.
-- Clive Robinson
Ross Anderson did so much for awareness and understanding of practical security challenges, and ways to respond to them. I learned so much from Security Engineering, and have greatest respect for his insights. One of the Best. His death has left a void.
-- Ouch
A great loss.
But he was inspirational for many, and I hope that inspiration kindles more enthusiastic, brilliant, opinionated, articulate, (curmudgeonly), and kind people who can stand on the shoulders of this giant and make the (security) world a better place.
He set an example that is difficult to exceed. I wish every good fortune to those who can, and will.
While his academic work speaks for itself, I hope others will take up the cause of the 'little people' being steamrollered by large organisations. His work as an expert witness for people suffering financial loss due to the poor processes of financial institutions affected many lives in a positive way. He was very angry at people's mistreatment.
His family can be proud of what he achieved.
-- Cassandra
I'm deeply sorry to hear this. Anderson was a major force for good in our world.
-- John Beattie
While I usually don't like praising the deceased as if they would have been flawless saints, Anderson was among the greatest, the security and crypto scene has ever had. His textbook "Security Engineering" is a pure stroke of genius, simple but still deeply profound. This is a giant loss for all of civilized mankind, a loss that can't be mourned enough. Very, very, very sad.
-- John Doe
I am very sad to hear this. I implemented the Tiger hash in .NET almost 20 years ago. Brought it up to date two years ago: https://github.com/jslicer/Aesop.Tiger . We had a great conversation about it in 2005. My condolences for the loss of your close friend and colleague.
-- Jesse Slicer
I feel for the loss and the solidarity and the resonance.
-- Still Not ForgettING
Even amidst the high standards at Cambridge, Ross stood out as a towering intellect. Sharp mind. Blunt speech. Great bagpiper. If you were with Ross, you knew there'd be a story.
Our thoughts are with you, Shireen.
-- Matthew Agarwala
I have just seen this very sad news. I had only a handful of - always memorable - interactions with Ross, at Churchill College events. He was quick, witty & kind. A great defender of academic freedoms. He will be missed in Cambridge & beyond. My condolences to his family and friends.
-- Paul DW Kirk
Very sad to read of the passing of Ross, who I had come to know recently through Churchill college, where he had been a very active SCR member. A very distinguished academic at the cutting edge of data security, he is succeded by the countless numbers that he educated.
-- Will Watson
This is very sad news. One of the giants of our industry and on his shoulders many stand. His books on Security Engineering are always my go to guides. May he rest in peace and my condolences to his family, friends, and colleagues
-- Brian Honan
RIP Ross Anderson - a pioneer in security and privacy research, and pretty much the first to not only recognise the importance of both economics and human behaviour in security, but to then do something about it. He will be sadly missed.
-- Adam Joinson
Such an important figure in UK and EU debates on encryption and surveillance for decades; and a very supportive teacher and colleague to so many, including me. RIP Ross
-- Ian Brown
Huge loss. Wonderful man
-- Pamela Samuelson
So sad. I can recall discussions about security back when we were both undergrads at Cambridge. He will be missed.
-- Philip Gladstone
Ross was a giant in his field and a truly kind man. Huge loss.
-- J. Alex Halderman
An absolute inspiration. Foundational. Deeply, deeply missed.
-- Joss Wright
As a student of both economics and technology, I found Ross Anderson to be one of the true thought leaders. I'm saddened to hear about his passing.
-- Rob Wiest
I've known Ross since the 1980s when we did an encrypted email project called Ciphernet. I've spent many happy hours being inspired by lectures and conferences he organised. He will be sorely missed.
-- Keith Lockstone
I met Ross in 1995 at an OMG meeting in Cambridge. I was immediately impressed by the clarity of this thinking and the elegance of this writing.
We have lost one of the best.
-- Tom Van Vleck
It's a shock and a huge loss. Ross opened so many eyes through his research and writing, and was a tireless and kind mentor. My deepest condolences to his family and friends. May his memory be a blessing.
-- Peter Honeyman
Ross was the best kind of squeaky wheel. There was logic and principle behind every squeak. Also, kind, modest, and very civilized. (I really wanted to hear his bagpipe playing but never did.)
I'll miss him greatly.
-- Mark Seiden
Gosh, that's a shock! He was my age near enough. I have known Ross Anderson (though not well) since he was a contemporary of mine as a Cambridge undergraduate. This is a huge loss to the cyber-security community.
-- Kim Spence-Jones
Sad news. We corresponded decades ago on a potential project and he was kind to a naive boy with an idea and potential funding.
-- Alex Melichar
Total shock! Ross was a wonderful Churchill colleague and the best kind of lunch and coffee companion. Fullest commiserations to Shireen and family at this terrible shock.
-- Dr Christopher Catherwood
I am still trying to take it in. Ross telling me that he thought I was a good writer, is one of the best compliments I have ever received
-- alecm
A big loss -- when Ross spoke, I always took time to listen.
-- John E Dunn
Very sad devastating news... his books are a treasure. Surely a big loss . Heartfelt condolences to his family and our fraternity.
-- Seema
I am incredibly saddened by these news. Ross has been a giant of our field, a person of integrity, and will be sorely missed.
-- Stefano Zanero
RIP Ross. My condolences to his family friends and colleagues. He will be deeply missed by huge numbers of people.
-- Ian Johnson
Greatly sadly missed!
-- Douwe Korff
Very sad to hear. Rest in peace, Ross. A big loss for us all.
-- Stephan Engberg
Sad to read this. What a legacy.
-- Jan Muenther
Rest in peace Ross. Such a tremendous friend and colleague. What a loss.
-- James Cronin
What a loss for the world of infosec
-- Rodolfo Rosini
:(((( devastating news. Thanks for everything, Ross. You'll be missed.
-- Gianluca Varisco
As did so many others, I learned so much from his work. Condolences to you and the family.
-- John K
Sad news indeed.... The loss of a titan...
-- Bruce Thomson
RIP. A true North Star and a wonderful and caring human.
-- Richard O'Brien
This one was a forerunner in the online Privacy and Civil Liberties movement and will be dearly remembered.
-- Coaden
Oh no, that's bad. He brought a lot of sanity to the world
-- Jeff Burdges
Very sad news. We served together on the university's Board of Scrutiny.
-- Brian Sloan
Oh no, I hope he rests in peace. I read many of his ideas which led me to choose a career at the intersection of cryptography and economics. Thank you for everything.
-- Abhimanyu Nag
A sad moment. A great intellect and mover.
-- Don Beaver
That's really sad news. His brilliant, humorous, critical view on may things in security and beyond will be sorely missed.
-- Eduard de Jong
Sad to hear that. RIP. I love his writing, and he was such an inspiration!
-- Aysajan Abidin
So sorry to hear this unexpected news! A friend of many years.
-- Vijay Varadharajan
Ross was a legend, not only a brilliant scientist and teacher but someone who cared deeply about the impact of technology in society.
-- Andrei Serjantov
Tragic News and a big loss for the community. Thoughts are with his family and friends.
-- Roman Weinberger
This is a shock! Ross's influence is very far reaching, certainly on my career for one. He will be very sadly missed.
-- Craig Heath
A life dedicated to his passion. He will be sorely missed. Rest in peace Professor Anderson.
-- Fabio Cerullo
It is so sad to hear that Ross Anderson has passed away. Ross made many contributions.
-- Amir Herzberg
A sad day for the security community...
-- Dr. Evangelos (Vangelis) Gazis
Very sorry to hear the news; He was a legend and an inspiration to generations of undergraduate, PhD students and researchers. His work and his stories will live on.
-- @cryptohog
A life dedicated to his passion. He will be sorely missed. Rest in peace Professor Anderson.
-- Fabio Cerullo
R.I.P. - We only met once in person a couple of years ago. I always hoped it would happen again. Still can't really believe it. My condolences to his friends and family.
-- Savek
Ross was one of a kind. Very sad news.
-- Quentin Stafford-Fraser
Rest in peace Ross, you will be missed.
-- Vasilios Mavroudis
Condolences to the family. "Security Engineering" is the seminal work on modern computer security. It should be mandatory reading for anyone in the field. It greatly influenced my career choices.
-- Camillo Sars
I am very sorry indeed to hear this.
-- Alan Stokes
Too much of a loss for us.
-- Alfred Chen
So sad to hear this. Ross was a giant.
-- Herbert Bos
Rest in peace to a brilliant mind and lifelong champion of privacy. You will be sorely missed by the community and all of us @EPICprivacy
-- Alan Butler
Sad to hear that he has died. Appreciated his work and his commitment to making it available on the Internet without charge.
-- Steve Schmidt
Oh no :((( He was a hero of mine...
-- Mate Soos
We've lost a giant
-- Charles C. Palmer
Oh my god I have just seen the email. What a terrible shock and huge loss. He was a titan.
-- Silkie Carlo
Very sad news. Deepest sympathies to Ross' friends and family.
-- Jonathan Luff
I've been hugely inspired by his writings. This is sad news.
-- Anthony Rosborough
May he rest in peace. Memory eternal
-- Maria Luciana Axente
This is very sad news. We were talking together about security politics and computing in Edinburgh only days ago. Condolences to his family and all close to him.
-- Gavin Sullivan
That is terribly sad, and quite a shock. Rest in peace.
-- Lorenzo Pacchiardi
Sorry for the loss. May his soul rest in peace. I benefited from his research works
-- Timothy Tion
His books are well written classics that are enjoyable to read as well as being instructive. Great instructor with a wealth of knowledge now lost :(
-- Mitchell Impey
Such a loss, one of the greats. He will be missed.
-- Matt S.
Very sad to read this. A man of great wisdom. My thoughts are with his family and friends.
-- Mark Knight
Rest in Peace. Still remember a full day spent with him in Cambridge and long discussions on Telco security.
-- Ravishankar Borgaonkar
Very sorry to hear this. Deepest sympathies from the Criminology and wider team at Birmingham City University.
RIP
-- Matt Phillips
A huge loss. Thanks for everything, Ross. You'll be missed.
-- Andew Watson
Best educator and security expert the world has ever seen
-- Nicolas T. Courtois
I'm so sorry to hear Ross has died. He was always so expert, so reliable, so willing to tell you what you needed to hear or know, and such a tremendous knowledge on encryption. A real loss.
-- Renate Samson
Incredibly sad news, I'm sorry for your loss. I had the first edition of his book in uni and have been recommending the subsequent editions to colleagues since, and they've always appreciated it.
-- Sigvat
Sad loss. I managed to engage with Ross on a few topics, including his review "the Database State", and met him a couple of times various conferences. Always clear and helpful. His work on Security Economics is, I think, really useful and a helpful counterpoint to the 'set it in concrete' approach.
-- Tim Coote
A terrible, terrible loss.
-- gabe
Sad news indeed. The world is poorer today.
-- Kim SJ
Awful, awful news. A true pioneer in security.
-- Herb Lin
Ross as a great researcher/enginner and a great guy. My respects to the family.
-- Ira Moskowitz
Dear Ross - so many quirky, lovely and downright funny memories of you.
-- Terri
I will miss the conversations about piping and the latest developments in computing on the way home from the London Northumbrian piping sessions.
-- Edric Ellis
With fond memories of many very enjoyable sessions playing our Northumbrian small pipes - such a sad loss.
-- David Somerville
A great loss, our thoughts are with his loved ones.
-- Beverley and Kendal
A great character (and Scotsman) who proudly wore his heart on his sleeve. How we will m miss his wisdom and passion.
-- Anonymous
To the memory of a great man. We miss you.
-- Anonymous
He taught me so much about so many different things and will be much missed for a long time.
-- Anonymous
Burns seems fitting. "The friend of man, the friend of truth; The friend of age, and guide of youth. Few hearts like his, with virtue warm'd; Few heads with knowledge so inform'd." Much missed.
-- Anonymous
In memory of a spirit that was perhaps best known as security conscious but who on occasion could throw security to the winds as when piping while walking up a steep stair!
-- Anonymous
A great man with a legacy that will forever span cyberspace. Grateful to have the chance to learn from, and be inspired by, him.
-- Nick P
A huge loss to so many people on so many levels, but a huge privilege to have counted Ross as a wonderful friend.
-- Liz
We sadly never met you and are sorry to have been denied that privilege.
-- Clint & Pippa Shepherd
Ross was an inspiration, and a motivation for us to both educate and fight. Trees are a wise choice for remembrance.
-- Laura
RIP Ross. You will be greatly missed.
-- Pat Walshe
A towering figure in computer security.
-- Alan Bundy
I feel fortunate to have had the opportunity to meet and work with Ross. His contributions and presence at the School are greatly missed. My deepest condolences to his loved ones.
-- Marc
Ross will be greatly missed by everyone in ICSA and well beyond. My thoughts are with his family in these difficult times.
-- Paul Patras
Very sad to hear this. I remember emailing him about a newbie question I had about a topic in his Security Engineering book, and he responded very kindly with a detailed explanation that corrected my misunderstanding. Which was really lovely of him. A genius and a gentleman. Rest in peace, my condolences to all who knew and loved him.
-- criptoe
Very sad to learn of his passing. I came across his work after Bruce Schneier posted a link to a pre print of Ross's Security Engineering tome. His clarity of thought and effortless navigation through this complex landscape has been inspiring. Also discovered subsequently his fondness for traditional pipe music and that he busked in his younger years.
A great person - may others bear the light that he brought.
-- leavenotracks
Ross Anderson was indeed a giant, not just in computer science, but also in his work on the politics and ethics of the influence of computing in our lives. The world is lessened by his passing, but his work lives on in those he has inspired.
-- lambdaone
This was really sad news; his Security Engineering probably did more than any other single textbook to influence my career and making me a better engineer in the process. All the examples of bright people having made systems which turned out to be more brittle than the designers assumed really drove home the point that even 'simple' tasks are HARD.
-- lb1lf
Just met him vicariously and watched his first "Security Engineering Lecture 1" and I miss him already. He seems like a genuine soul.
-- eYrKEC2
A huge loss, especially in the public arena, where the combination of vast expertise, academic authority, and the courage to speak truth to power is too rare. He was also a gifted communicator - both his lectures and books were not just filled with insight, but compelling to watch or read, in stark contrast to much academic work.
-- ajb
Ross Anderson embodied a lot of positive principles in the security community. His book on Security Engineering (2nd edition is the biggest book on my bookshelf) patiently laid out principles of good security design, and tied it to examples in the real world for designs and bugs. Releasing old editions for free was the cherry on top for making his knowledge available to others.
-- er4hn
I still remember an undergrad group project at Cambridge where we were in the Computing Lab discussing how we were going to build an online voting system - I said "We can worry about security later...." only to hear a deep Glaswegian brogue behind us "Oh Really?! Tell me more...." as we all turned around in horror.
-- srb24
Very sad to learn of his passing. I came across his work after Bruce Schneier posted a link to a pre print of Ross's Security Engineering tome. His clarity of thought and effortless navigation through this complex landscape has been inspiring. Also discovered subsequently his fondness for traditional pipe music and that he busked in his younger years.
A great person - may others bear the light that he brought.
-- leavenotracks
This is very sad news and a huge loss for the computer security community. RIP.
-- rvz
Ross Anderson was a legend and his work heavily influenced my professional career. He will be missed. May he rest in peace.
-- bunnie
He was a pioneer in computer security and was essential in kickstarting the important field of security economics. So sad to hear about this.
-- als0
The lecturer I remember most, and most fondly. Very sad news.
-- Anonymous
... and thousands more that I may have missed ...