In Loving Memory of Ross

This is to preserve cherished memories shared by Ross's friends, students, colleagues, and those who had not met him but learnt lessons through his book. I went through online places to collect all public tributes, and also include private messages through internal emails and handwritten notes with consent.

I believe future generations, including myself, will learn invaluable lessons from these remembrances by gaining a deeper understanding of Ross's vast contributions and how nicely he treated students and colleagues. If you have something to write but have not yet shared it, please reach out to me and I will help archive it. I will keep these online as long as I could.

In memoria: Department of Computer Science and Technology, University of Cambridge | School of Informatics, University of Edinburgh | Churchill College, Cambridge | Communications of the ACM | BBC Last Word | Computer Weekly | The Record | The Register | Hacker News | Light Blue Touchpaper | IAPP | Open Rights Group | WEIS | Bill Buchanan | GBHackers | Paul Ducklin | Virus Bulletin | Archives of IT | WEIS Panel | SHB Panel | A Celebration (Churchill College, Cambridge)

I remember I first met Ross around 1993 or 1994. I was working as a research engineer in an industrial lab in Cambridge, I was a kind of crypto nerd all excited about PGP, and I heard of this public talk at the University entitled "Why cryptosystems fail". So I went along, one evening, and I think it was the first talk I ever attended at the University of Cambridge. This speaker, of whom I knew absolutely nothing, talked about how banking systems claim to be infallible but in fact make a number of engineering mistakes that enable a variety of frauds. He explained the frauds, not in the abstract but with reference to actual cases, and daringly asserted that the banks made the mistakes but denied the evidence and blamed the victims. Wow, that was hot stuff! I was riveted in my seat. We need people like this to tell it straight, stick it to the man and defend us poor consumers, I thought. Who is this guy? I didn't know it then, but the speaker was just a lowly PhD student, a mature PhD student of computer security pioneer Roger Needham. He had graduated from Cambridge in maths some 15-20 years before and had since worked around the world, from the Far East to South Africa, in a variety of fields, including banking. And then, having saved enough to pay for graduate studies, he had gone back for a PhD, and he had taken to research like a fish to water. This was to become his first high profile paper, officially published in late 1993 but I wasn't able to reconstruct whether he gave that talk in the Babbage lecture theatre before or after publication.

In the meantime, a few years after attending that lecture, I too came to the decision of returning to University to earn a PhD as a mature student. As I looked for a supervisor there and considered various options I found him, by then a newly minted lecturer in the Computer Laboratory, what we would now call an Assistant Professor. He had half a dozen PhD students and had not yet graduated a single one. I had a couple more options on the table but it is largely on the strength of that first impression from his lecture as a mature student that I told myself: if I'm going to do a PhD at Cambridge, I can't miss the chance of working with this guy. This was the summer of 1997; by then he'd been a lecturer for a couple of years, and he did not seem too keen on taking on one more student on top of the ones he already had. I remember an early email exchange in which I mistakenly referred to him as English, to which he promptly and vehemently responded: "I am not a fucking Englishman!". I cheekily wrote back "I'd rather be a fucking Englishman than a non-fucking one". Shortly afterwards I received an acceptance letter as his student.

I started attending the security group meetings, ahead of my official start which would have been the following January, and got to know his other students: Harry, Fabien, Jong-Hyeon and Abida, joined in October by Markus who was at the time completing his Master's course in the US but had already coauthored with Ross in 1996: that paper, "Tamper Resistance: a cautionary note", soon became a classic. Maybe Uli was already there too, or he joined around that time. I started getting invited to the lavish dinner parties that Ross and Shireen frequently hosted for the security group, in their faraway home in the middle of nowhere ("that's the only place I could afford a big house and nice garden even on my lecturer's salary"). There were many more people at these parties than just Ross's students: it seemed he knew everyone and was quite inclusive in his invitations. One of these parties I remember celebrated Shireen's 40th birthday. The food was always delicious but the company was better. When the bulk of the guests had left, a pack of attention-hungry Yorkshire Terriers was unleashed on the remaining attendees who were lounging on the sofas.

Always gregarious, in the old Computer Lab on Corn Exchange Street he was a regular at the afternoon tea hour where he'd make a point of chatting with everyone. It is on those ugly faux-leather green armchairs that I remember discussing exciting ideas with him while they were still being shaped, from the Guy Fawkes protocol (a precursor to the blockchain) to How to cheat at the lottery to the bootstrapping process for the Resurrecting Duckling that later became my first highly cited paper with him. At conferences, too, he connected with everyone. More to the point, he pulled everyone together. On many occasions he served as the catalyst that created a new community that then went on for years, sometimes decades, well beyond his initial involvement as a founder. From the UK-crypto mailing list to the Foundation for Information Policy research, the Information Hiding workshop, the Fast Software Encryption workshop, the Workshop on Economics and Information Security, the one on Security and Human Behaviour and I'm missing out plenty more.

I remember he religiously took notes at every one of our security seminars, whoever the speaker was, building an encyclopedia of knowledge that he then distilled into his book, Security Engineering, which he wrote during the last year of my PhD. I was excited to read his drafts and to send him comments while I was working on my own dissertation and he was doing the same to me. I was over the moon when his prestigious publisher, Wiley, accepted my own book as well, thanks in part also to his influential recommendation. Now his encyclopedic 1200 page book, which he kept updating till his third edition in 2020, is a must read for anyone doing anything in security, and it's amazing that a single person could have so many insightful things to say on so many facets of our field. I'm rambling a bit by now, sorry, it's very sad to see him go at only 67, but I hope I am conveying a little bit of why I chose him, why I was excited at the prospect of working with him, and of why I feel that choosing him as my PhD supervisor was one of the best and most significant decisions in my career. And I had no idea at the time that, after completing my own PhD, I would be appointed to a Cambridge lectureship myself and become his colleague.

Thanks Ross, rest in peace and thank you for everything.

-- Frank Stajano (see more)
Ross broke down barriers. He treated everyone as equals, from the undergraduate intern to the visiting professor. He loved to bring people together from all walks of life. He saw the opportunity to learn from everyone he met. He loved nothing more than a robust argument; the opportunity to debate an issue at length.

There is a huge Ross Anderson-shaped hole in my life. He was a brilliant mentor, colleague, and friend to me and many others. His impact has been considerable in so many ways. He will be greatly missed.
-- Alice Hutchings
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.

I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both - I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn't stay the whole time) - that was in 1996.

I know I was at the first Fast Software Encryption workshop in December 1993, another conference he created. There I presented the Blowfish encryption algorithm. Pulling an old first-edition of Applied Cryptography (the one with the blue cover) down from the shelf, I see his name in the acknowledgments. Which means that sometime in early 1993 - probably at Eurocrypt in Lofthus, Norway - I, as an unpublished book author who had only written a couple of crypto articles for Dr. Dobb's Journal, asked him to read and comment on my book manuscript. And he said yes. Which means I mailed him a paper copy. And he read it. And mailed his handwritten comments back to me. In an envelope with stamps. Because that's how we did it back then.

I have known Ross for over thirty years, as both a colleague and a friend. He was enthusiastic, brilliant, opinionated, articulate, curmudgeonly, and kind. Pick up any of his academic papers - there are many - and odds are that you will find a least one unexpected insight. He was a cryptographer and security engineer, but also very much a generalist. He published on block cipher cryptanalysis in the 1990s, and the security of large-language models last year. He started conferences like nobody's business. His masterwork book, Security Engineering - now in its third edition - is as comprehensive a tome on cybersecurity and related topics as you could imagine. (Also note his fifteen-lecture video series on that same page. If you have never heard Ross lecture, you're in for a treat.) He was the first person to understand that security problems are often actually economic problems. He was the first person to make a lot of those sorts of connections. He fought against surveillance and backdoors, and for academic freedom. He didn't suffer fools in either government or the corporate world.

He's listed in the acknowledgments as a reader of every one of my books from Beyond Fear on. Recently, we'd see each other a couple of times a year: at this or that workshop or event. The last time I saw him was last June, at SHB 2023, in Pittsburgh. We were having dinner on Alessandro Acquisti‘s rooftop patio, celebrating another successful workshop. He was going to attend my Workshop on Reimagining Democracy in December, but he had to cancel at the last minute. (He sent me the talk he was going to give. I will see about posting it.) The day before he died, we were discussing how to accommodate everyone who registered for this year's SHB workshop. I learned something from him every single time we talked. And I am not the only one.

My heart goes out to his wife Shireen and his family. We lost him much too soon.

-- Bruce Schneier (see more)
Ross made a profound impact on me. He was an outstanding mentor who set a positive example of how to be an effective academic and a genuinely good person.

His mentorship style was very effective. He provided plenty of guidance, advice, and feedback. But he also kept a healthy enough distance that helped me grow into an independent scholar. I'll never forget our first meeting in his office. He explained to me that at the end of the first year, I'll have a viva. Until then, he told me I was free "to work on whatever the hell I want", and that we'd figure out if it worked at the viva. Of course, I saw him plenty that first year, and he was always generous with his time when I had questions or needed feedback. But we never had regularly scheduled meetings. Instead, Ross would randomly pop into my office (which was next door to his) any time he had something that he thought might be of interest to me or if he had an idea he wanted to talk through. Those meetings would invariably lead to discussions of what I was working on, and in that way shaped my path.

Ross always sought out opportunities to elevate his PhD students (and really, any junior scholars). I benefited directly. Anytime he was asked to speak, if he had a conflict, he would recommend one of his students instead. That's how I got to travel all over Europe, from Austria to Cyprus, giving keynotes on security economics as a PhD student. It's also how I co-authored a paper with him in Science and a report for the European Commission. And the best part was, I was never just his stand-in. He expected real contributions, treating me as a fellow scholar even before I felt like one. Only later did I realize that by sharing these opportunities he helped make it true.

Ross imparted on me the importance of working on real problems that people care about. He valued collaboration and sought it out at every opportunity. And he was never satisfied with the status quo. He was unafraid to argue for change when warranted. I have done my best to internalize these lessons in my own career, inspired by his example.

On a more personal level, I always enjoyed the times he invited the Security Group to his home in Wrestlingworth. Shireen cooked a delicious meal, and the conversations would go on for hours. During one such visit, Ross broke out his bagpipes. Needless to say, the sound was impressively loud, particularly in a small dining room!

Finally, I really appreciated getting to know Shireen better during Financial Crypto conferences. Shireen, Jillian and "the moms" (my mother and mother-in-law) would hang out at the beach while Ross and I attended sessions. Then at meals and in the evenings and social events we would all come together and enjoy each other's company. I will always cherish those memories
-- Tyler Moore
I remember the first time I met Ross. He was presenting his "Why Security is Hard" manuscript – which essentially started, or contributed to start, the entire field of research on infosec economics – at Berkeley in 2002. I was a PhD student there. I sent him an email in the scant hope he could meet with me while at the conference where he was presenting. Incredibly, he did reply, and did find time to meet with me, and chat.

That was the first of many, wonderful interactions I was so lucky to have with him over the subsequent 20 years. And now they seem too few.

Ross fought the good fight. He was relentless in that, and seemingly fearless of the powers he was putting himself against. That was inspirational: wow, I would tell myself, here is a serious scholar who is not afraid of taking very clear positions on critical issues, and speaking truth to the power!

I recall how intimated and amazed by him I was when I approached him in Berkeley in 2002 for our first chat. Over the years (especially thanks to organizing together the Security and Human Behavior workshop), I discovered such a warm, gentle, and incredibly funny side of his personality. And yet that sense of amazement never went away. Over the years, Ross was to me a mentor, an inspiration, a model, and a friend. He will be missed.
-- Alessandro Acquisti
Ross Anderson left us far too soon. I grieve for him and send my love to his family.

Ross was an intellectual giant and an absolute legend in computer and information security, and like any true giant, he was incredibly down-to-earth and friendly.

I first met Ross at the very beginning of my career, when I was a very junior faculty. Having been told of his famously low tolerance for idiocy, and being completely star stuck, I remember being very anxious the first time I was introduced to him. As it turns out, he was absolutely lovely and kind. Perhaps that's because the French and the Scots famously get along (by correctly blaming the English for everything that is wrong in this world), but I was impressed by his congeniality.

You can tell a lot about somebody's character just from the way they talk to higher-ups and people in lower positions. Ross' sharp and acerbic wit was solely reserved to people in position of power that, truly, shouldn't have been there. For those of us that were not -- junior faculty, students -- he was an indefatigable advocate, wonderful and kind mentor, and always had time for us.

I remember in late 2010 seeing a call for a very large grant from DHS. It was a very long shot, but I wanted to apply, and I thought that some of Ross' work was a good fit for some of what the funding agency was looking for. So, I invited him to team up. He accepted, and I wanted to get him to be front and center on the grant given his notoriety. He said that he wouldn't mind if we thought it'd help, but that I (and Tyler Moore, at the time another junior faculty on the grant) should be running the show, not him. Often with senior faculty, that's code for "put my name on this thing, I'll take the money, but don't ask me to do anything." In Ross' case, that meant tirelessly writing entire sections and editing the whole proposal, giving us a lot of advice, and then, stepping back from the limelight. We wrote a lot of that proposal at Financial Crypto in Saint Lucia, in between cocktails and beach time.

We got the grant. It completely changed my career. Later, I heard through the grapevine that Ross was one of my biggest supporters when asked to write evaluation letters. It was incredibly helpful to have such a legend in my corner.

So, I owe Ross a lot, and I am sad that I never will be able to repay him even a fraction of everything he did for me. But, now that I am becoming slightly more senior, I will try to honor his memory by using him as a model in my interactions with junior colleagues.

Thank you, Ross.
-- Nicolas Christin
Ross was a pragmatic visionary. He critically observed situations, identified how the situation should be, determined what would be needed to get there, and made it happen. He not only applied this strategy very successfully to his own career, but to the careers of many of us, changing our lives for the better. Incidentally, this is also how we met. I met Ross at a psychology conference (SARMAC) in Rotterdam (The Netherlands) back in 2013. He had just received a large grant op deterring deception and attended this conference to scout talent. We were both in the audience when Ross asked the speaker a question about the use of machine learning to tackle her research problem. The speaker completely blanked - it was probably the first time someone mentioned machine learning at that conference – but I got excited. So after the talk, I introduced myself to the person who asked this question, Ross. We started chatting and did not stop. We went for dinner that evening and he invited me to come to Cambridge, meet some people in the lab. This turned out to be a job interview, which I unfortunately only realised when I was already halfway through my visit. All's well that ends well, I got the job even though I hadn't consciously applied and it changed my life for good.

Ross was truly great at getting bright young minds together who shared his vision and were eager to facilitate change. He was a serial community builder. He founded multiple entire new disciplines and academic communities, including (but not limited to) WEIS on the economics of cyber security, SHB on security and human behaviour, and Decepticon on deceptive and dishonest behaviour.. The latter, Ross and I set up together and is still an active and vibrant research community today. Ross would attend all conferences and religiously take notes for, building an unparalleled open-access security resource.

Ross taught me to not only think strategically, but also to think big. How do we get the key researchers in our scientific committee? How do we get this line of research on the front page of the New York Times? Or even, how can this work lead to a Nobel Price? He encouraged his students to do cutting-edge and meaningful research and to share these new insights with the wider public.

Ross believed in cross-disciplinary synergy, that one plus one could be so much more than two, especially when the two are complementary. He hired grad students and postdocs with a wide variety of backgrounds, including computer scientists, criminologists, economists, lawyers, and psychologists like me. This led to vibrant Friday lab meetings where security related topics were discussed from a variety of angles, sometimes leading to unexpected insights.

Ross was idealistic. He would only record a MOOC (online course) if it would be made freely accessible to everyone. Same for the papers and books he wrote. He strongly believed that academic information should be open. Private information on the other hand, must be protected. He demonstrated the fallibility of anonymizing sensitive data such as electronic health records and that photos and documents can often be retrieved from a wiped smartphone. Ross dedicated his career to protecting people's privacy.

Ross was famous for advocating his strong opinions. I believe one of his quotes ended up on a wall at GCHQ and he famously send a reference letter comprising one single line: "You'd be a fool not to hire her". But one of the things I liked most about him, is that he always listened with an open mind. He was endlessly curious, read more and about a wider range of topics than any one person could comprehend. But if you disagreed with him and posed a solid argument, he would use this input to update and, when relevant, change his opinion. Ross always gave me the feeling that what I said, mattered.

Ross was a great mentor and friend. He was one of the most generous and welcoming people I have ever met. Ross had a strong influence on the careers and lives of many, mine included. For example, he generously invited me to his home where I not only admired his taste in art, but he also invited me to "shop" furniture in his garage. I had just moved to Cambridge and my apartment was still a bit empty. Ross lent me a beautiful closet that had belonged to a friend of theirs and even brought it to my home. Helped me move it up the stairs. He wanted to make sure Cambridge would feel like home. And the extraordinary thing is that this wasn't an exception. He cared this deeply for many people.

Importantly, Ross did not do this alone. I have seldom seen such a complementary match as Ross and Shireen. When Ross organized a conference at the lab, Shireen would be there to host it. To chat to everyone, make sure they felt seen and welcome. When Ross joined Churchill, Shireen set up new committees and organised events for the partners of fellows. When I felt torn between staying in the UK or moving back to the Netherlands, Shireen would take me to the pub to listen to my worries. And the next morning, Ross would come into my office to pose a solution. "Run an experiment at a Dutch university so you can spend some time at home". Problem solved.

In 2015, at the end of the grant, I left Cambridge to move back to the Netherlands. Ross through me a goodbye party at the computer lab, serving pink prosecco. I loved it. Since then, Ross and I have visited many conferences together and each time we did, we had such a wonderful time. In addition to hearing the ins and outs in the field, we would go for walks and visit art museums. Walking with Ross through the Smithsonian's National Air and Space Museum was remarkable. He knew everything about everything and talked about it with so much passion that I started to regret studying psychology instead of aerospace engineering. Ross would be the one I turned to when in need of some serious life advice, for example when dealing with my parents who turned ill or when having trouble finding suitable education for my daughter. Ross always inspired me to solve the problem and think big if needed. "If there's no suitable school, start one". Because problems are there to be solved.

The last contact we had was the day before Ross passed away. We were planning to meet up during his next visit to the Netherlands. I was already looking up art exhibitions, wondering which one he would like best. With Ross' passing, academia lost a great mind, society lost an advocate for human rights, and we all lost a truly great friend who will be missed dearly.
-- Sophie van der Zee
Ross Anderson died March 28. There is no one I learned more from in security than him. On every team I have run, when people new to infosec joined we would give them a copy of his epic work, "Security Engineering." His clear thinking and writing were and are the most useful guide anyone could have to understanding this field which is so filled with abstractions, jargon, and counter-intuitive protocols. Ross' writing showed how all the pieces fit and the increasingly important effect of information security on real world things.

My favorite part, and unique among many security and engineering works, is that each section typically discusses a threat model and then a set of security protocol attempts that have been made over the years to address this with more or less effectiveness. Just his ability to chart a multi-decade attempt of chipping away at some hard problem was impressive enough. But then, he would end the section with why and how this fails. Meaning still a lot more work to do. This industry is a far poorer place without him. We have lost someone important.

When I read the first edition of "Security Engineering", I had never seen someone link together the roles and interlocking dependencies of policies, mechanisms, and assurance in such a clear way. But Ross also added a fourth consideration- incentives. At the time, I was a young tech-first engineer, and I thought, hey this guy is being too academic, he had written such a good piece on security policies, mechanisms, and assurance, but then went too far into cute, academic abstractions with incentives. Of course, after a few years in practice, I realized, if anything, he had underweighted the importance of incentives. I told him later how I came to this eventual understanding, and Ross laughed that before he had been academic he spent his 20s and 30s as a contractor in banks, what he learned there on incentives was worth "more than a shelf-foot of books on game theory."

Ross' work is so useful, because he never stops at looking at security protocols in the abstract, he always shows - this is how this adapts well (or not) to a consumer mobile phone or a badge at a nuclear facility or satellite TV. Security is never just one thing, it is how it is used in the real world. Ross recognized that he was fortunate to spend time in industry before academia and the special blend, "gives you a gut feel for what goes wrong – not just with the mathematics, but with the metal, and with the managers too."

Last week, I went back and re-read Ross' work "Why Cryptosystems Fail" it is on ATM fraud mainly, and written in 1993. It could have been written today. System designers "have suffered from a lack of information about how their products fail in practice, as opposed to how they might fail in theory." Ross Anderson, rest in peace.
-- Gunnar Peterson
When I first met Ross, in June 1996, at the Isaac Newton Institute Programme that he ran at the time, I was immediately impressed by how many of the most famous and influential names from the world of coding theory, cryptography and computer security he had brought together there, and the wide range of topics he was interested in and collaborating on, with lots of people. He was always exploring new aspects of the field, picked up new ideas quickly and enthusiastically and was able to communicate them in the most engaging ways, whether in discussions, talks, or papers.

Ross was never an abstract theoretician but always keenly interested in topics that directly affect people in the real world. He spent enormous energy on fighting for consumer protection, holding banks to account over flaws in their procedures and systems and their attempts to pass on liability and the burden of proof to customers when things went wrong. His early papers on these topics contained some of the most engaging writing I had ever seen in scholarly communication.

Ross was a real force of nature and a great storyteller. He was never boring. I will miss him very much.

-- Markus Kuhn
Professor Anderson was a giant of the field. Yet he often took the time to drop me a note of appreciation when he liked something I published. It meant a lot to me, especially as a junior scholar. I corresponded with him just last week. This is a complete shock. RIP Ross
-- Arvind Narayanan
Ross was an inspiration. He did great things and he showed us how. He fought injustice and knew how to win. He created communities and drew people together who would never otherwise have talked. He cared about people and mentored so many, he knew us as individuals. He made us laugh. I will miss him.
-- Daniel Thomas
A beautiful mind has left us. I lost an esteemed colleague, dear friend, and mentor. Ross's influence stretched far beyond his role as a Professor at the University of Cambridge; he was a world-renowned figure whose brilliance and impact resonated throughout information and computer security research, spanning generations of researchers and scholars.

His intellect was unique, his research groundbreaking, and his dedication unbreakable. Ross was able to fuse profound knowledge with an incredible moral compass. He fearlessly championed privacy and information access rights, raising his voice against the misuse of technology and governmental overreach, always advocating for justice and integrity. And his impact is enormous. Beyond his academic fame, Ross was a living repository of wisdom, his mind a vast library of historical knowledge. His influence reaches beyond our immediate community, shaping the broader technology and policy landscape.

I had the privilege of knowing Ross and calling him a friend, and I was deeply touched by his genuine kindness and willingness to lend a helping hand. He embodied the true essence of compassion and generosity, leaving a legacy that will endure eternally.

To Ross's family, I extend my deepest condolences. May you find comfort in knowing that his legacy will continue to inspire countless individuals.

Ross, though you are no longer with us, your spirit will forever reside in the hearts and minds of all touched by your brilliance and kindness. Lastly, I borrowed a snippet from the known poem "Do Not Stand at My Grave and Weep" that I thought fits you well:

"I do not stand at your grave and weep.
You are a thousand winds that blow,
You are the diamond glints on snow,
You are the sunlight on ripened grain,
You are the gentle autumn rain.
-- Ahmad-Reza Sadeghi
I just want to note here just how important Ross Anderson was, not just within the UK digital community, but globally. He was the model of a politically and socially involved computer scientist -- when I first heard of him in the 90s, he was doggedly trying to point out that the then security protections against ATM (cashpoint) fraud were too weak, and that the banks were blaming customers for leaking their PIN codes when in fact, those codes were eminently crackable.

After that, he was /the/ key figure in fighting restrictions on cryptography in the UK, putting together a coalition of CS experts in founding the Foundation for Information Policy Research, and then becoming one of the key (informal) advisors to the Labour party. As a gruff, Scottish socialist, Ross was tailormade to act as a counterbalance to the United States' heavy lobbying of the Blair administration to tow the line on making usable crypto illegal outside of the United States.

That had a global effect: opposition in the UK, at the time the US's strongest ally in many policies, limited the ability for the crypto restriction regime to spread. (After many years, it's notable that the main countries passing crypto restrictions during this period were those /furthest/ away from US support, rather than closest -- France, Russia, etc.).

FIPR and its successes spawned a strong, and experienced digital rights community in the UK early on. It was Ross and Caspar Bowden (who also sadly passed away far too early) who were crucial in encouraging this group to work with others in Europe to form EDRi, which remains the core of digital rights advocacy in Brussels. If you've ever wondered why the EU occasionally comes up with good cyberlegislation, it's because of the influence of EDRi -- and that coordination came from Ross and Caspar recognising that the real decisions were being made not in the UK or the US, but in the growing work of the European Union.

But at the same time as doing this political work, Ross was also building the foundations of a serious cybersecurity approach. He applied political, economic and social aspects to computer security models: his early writing on /where/ to put the liability for computer security flaws are still influencing approaches to legal liability now. He drew deeply from the actual use of technology: my favourite memory of him is him explaining how the Irish Republican Army actually passed around secrets under the nose of the British Army to a somewhat amazed BBC journalist.

Ross' high reputation allowed Cambridge University to lure Microsoft funding for their infosec department. The results of that collaboration indirectly led to CHERI, a capability-based security system designed by some of the brightest minds in the UK and beyond, and still for many of us the great hope for truly robust digital security.

Recently, Ross was still working on the cutting edge: the other week, Cory Doctorow pointed me to a paper he co-authored recently on how ML models might collapse in the face of ingested ML-generated content. When I devoted a chunk of a lightning talk to him at EthDenver, a prominent Filecoin ecosystem participant came up to me afterwards to thank me for highlighting Ross' work, as he had been instrumental in supporting her early career. Ross was grumpy, unforgiving, a blistering writer of flaming emails, and sometimes oblivious of the effect his disapproval could have on others. But he pursued and achieved singularly useful advances in the field of information security, and in the wider, messier world of digital rights and global politics. He was mad at Cambridge for forcing him to retire at 67, and he was right -- not just from a political point of view, but from the truth that he still had so much to give. He died too soon.
-- Danny O'Brien
When I started my PhD in Germany in 2003, I did not know anything about security, but was determined to learn. So I put the 2nd Edition of Security Engineering on my night table, and systematically read through it for several weeks every night. Some years ago I realized that everything I know about security originates from his book.

I met Ross personally much later, in 2017 on the Security and Human Behavior Workshop, und he was incredibly and unexpectedly kind to me. It was a tough time in my professional life, and I felt protected when he was around. Just so. He was also, to my great surprise, interested in my research and helped with advice and connections.

I liked most his unique humour, and especially his smile. It illuminated his face and surroundings like sunshine. Thank you, Ross.
-- Zinaida Benenson
Ross was a force of nature: full of ideas and thoughts on how to implement them, combined with inexhaustible energy. Ross could be a cyclone when you disagreed with him -- full-force winds in your face at upwards of 90 miles an hour -- but also willing to listen once he realized you had a point. Ross's mastery of cryptography, security, and the underlying policy issues that impeded implementing good security showed a command, at a deep level, of multiple fields and a rare capability to work within them. His ability to weave this knowledge into narratives that were both compelling and comprehensible to the lay person was a remarkable skill; it will be sorely missed by the security community. So, too, will Ross's energy and his boundless intellectual curiosity.
-- Susan Landau
This is sad news. I met Ross for the first time at Cambridge in 2008. His magnum opus "Security Engineering" had been published a few months earlier. I knew some of his articles.

But what really impressed me when we met was his energy and his desire to make a difference in the world. Security was not a purely academic topic for him. It was his tool to make the world a safer place.

He stood up for the victims of cybercrime, fought against injustice and feared no opponent, whether from government or industry.

The WEIS conference series, which he co-founded, was for me the most influential series of events ever. It is the place for people who wanted to understand why security works or doesn't work in the real world.

The last time I met him was at WEIS 2023 in Geneva. He was making plans for his retirement and still had so much to do. Things that can no longer be done by him. But we should not forget that he educated and inspired a whole generation of security engineers who are now working in research, academia and industry. He was the giant.

To Ross's family, I extend my deepest condolences. We will miss Ross very much.
-- Boris Hemkemeier
Inviting me to help found WEIS changed my career in such a fundamental way. He created this pathway and ways forward that changed my trajectory. And now I am reading that he was did that to so many people, where a single interaction with him was a life inflection point.

I suppose he told you his bagpipe social engineering story: he discovered as a student on the continent that if you were in a given range of people in Germany they would drop some coins in your case. So he would march around playing of his many bagpipes in the train station, walking just close enough to people to engage the social contract - with a bagpipe - , and have enough to student the day away. He told this story to me and my younger child, who played brass in band, at FC by the ocean.

I posted this when I heard, "Ross Anderson cared deeply about the human outcomes of security & policy. He did not focus his brilliance on amassing tech wealth but instead on the hardest challenges, using nuanced technical insights in fighting to protect the vulnerable."

He was one of kind. And now I suppose I will never understand the differences between the Scottish and British enlightenments.
-- Jean Camp
It is hard to see the security group, the Computer Lab, and Cambridge without Ross. In late 2018 I had sent an email (without much hope) to Alastair and Ross inquiring about a PhD position. Somewhere in that email I linked my Master's Thesis. Ross replied soon after with detailed comments, questions, and encouragement -- apparently he had read the entire thing! I was impressed by so much generosity, kindness, and interest. That moment sealed the deal for me and I left the industry for the CL. I am very thankful for this important moment and the many that followed.

-- Daniel Hugenroth
Ross was an incredibly generous mentor who alloyed clear insights with kindess and civic sense. He was a formidable force and will be fondly remembered by many.

-- Nik Sultana
Our thoughts are with you,

-- Dieter & Jutta
Shireen, Ross, thank you very much for your friendship. We spent such a wonderful time in your garden outside on Windsor Street. Far from home, this place felt like an island of calm. We will cherish these memories in our hearts. Thank you for your support in difficult times, for your kindness and warmth.

Ross, thank you for the opportunity, humor, and patience. For walking around Cambridge, for talking about everything from handmade bagpipes to robo-noses. For honesty and openness to everything - from people rom other cultures to creepy pike caviar. We will miss you, looking forward to our next time in the garden.

With love,
-- Dasha and Ilia
I had just been talking to Ross Anderson a few days before I got the shocking news from a friend in Cambridge about him passing away unexpectedly. I could hardly believe it. Ross and I had been discussing a guest lecture I gave for his computer security course at the University of Edinburgh. He was his usual ebullient self, full of life, energy and passion. He spent a lot of time over email and Zoom to help me prepare and properly pitch the lecture. I am sure it would have been a lot less effort for him to just give the lecture himself, but he cared deeply about giving the students the best possible education, so for him a lecture about silicon level security from someone in industry was an important part of the students' education. He told me he was especially keen to impress upon the students the guest lecturer was a fellow Scotsman. Ross and I both come from Glasgow.

This level of passion, drive and "giving a damn" typified how Ross approached the many things he cared about in life, including playing the bagpipes. I took the photograph above on 14 March 2009 and I recall just how good the bagpipes sounded when played masterfully with great skill. Few of the songs that night were traditional Scottish tunes, most were pop songs amazingly transliterated to the bagpipes and they sounded wonderful.

I first came across the intellectual juggernaut Ross Anderson in a professional capacity, along with Saar Drimer, in Cambridge to discuss the security flaws in the chip and pin credit card system (Chip and PIN is Broken). However, we quickly bonded and became friends, due to a mutual interest in food, drink, music, technology and a similar "Glasweigan" perspective on the world.

I was surprised he would give the likes of me the time of day to talk deeply about silicon technology, security, banking, and the social aspects of security at a high bit-rate that I could hardly keep up with. I quickly realized that he was not a man of airs and graces, and treated everyone he encountered as equals. I very much admire and respect that quality. He could be fiery and intense, brutally direct and blunt, and loud and emphatic. He was that way because he cared.

As a broadly educated man he had the capability to intersect technology with economics and how people behave to understand the weak points and failings of technology. A phenomenally important role he played was holding to account the world of finance when it wrongly accused customers of giving away their PIN numbers, when they were actually stolen with "man in the middle" attacks from handheld chip and pin readers. The fact that he had worked in banking before he moved to academia no doubt greatly strengthened his hand.

The UK Post Office IT scandal reminds us how the big and powerful continue to cover up their failings by wrongly blaming innocent individuals. Big corporations entirely control the development and deployment of machine learning technology which will increasingly make inscrutable judgments about our lives, and us. Politics and government is attempting to make some inroads to try regulate AI. However, the world needs many more Ross Andersons in academic positions where they have the platform to speak truth to power, and fight for the ordinary person, to stamp out injustice, and fight for what is right and decent.

This is a picture of the last time I saw Ross in person, in January 2024 at Fin Boys restaurant in Cambridge, here shown with our mutual friend Sanjay. Anyone that knew Ross understood the depth of love and commitment he had to his family. Beyond that, he was a galus friend.
-- Satnam Singh (see more)
I may be the most junior person here to speak about Ross. As one of the last students advised by him, I may not have known him for as long as some of you have. Our connection began over four years ago when he, along with two other professors, interviewed me for a research assistant position at Cambridge. When I started my PhD on cybercrime with Alice in early 2022, I was fortunate to have him as my advisor, and since then, we have worked closely together.

Ross was the first person to take me for a walk around the building and outside on a sunny day when I arrived in Cambridge. We discussed various topics, and my initial impression was that he knew everything while I knew nothing. Indeed, he knows things very well. We had around six months together before COVID-19 disrupted our social contact, after which I had to return to my home country for over 1.5 years.

I was forced to return to the UK in late September 2020 to renew my visa. At that time, I was staying in a room far from the lab, and restrictions prevented me from going outside. Ross kindly came to help me collect and scan all necessary documents, not just once, but twice. When I expressed concern about the risk of infection and suggested waiting until after my self-quarantine to renew my visa, he reassured me: "Don't risk the visa, though. I can handle hazardous materials. Look, I pick up dog poo every time I take the dogs for a walk. I can't imagine that your passport is more hazardous!". I deeply appreciate his care for me, and I'm certain he cared deeply for others too.

The next time I met him in person was in late 2022 when I returned to Cambridge as restrictions were lifted. I started my PhD soon after, and since then, as we worked closer together, I could much better feel his endless energy. I admire him not only for his vast contributions to science in many ways, his enthusiasm, and his inspiration - as others have mentioned - but also for how he treated students and colleagues. For me personally, he always found opportunities to push me forward and introduced me to those he thought could help. He encouraged me to attend SHB this year and connected me with his former student in Singapore for an invited talk. He intended to connect me with some others too, but sadly never got the chance.

Ross also cared about my family as much as he cared about me. In mid-2023, my uncle was diagnosed with craniopharyngioma, and once Ross learnt about it, he tried everything he could to connect me with the best surgeons in Cambridge and India. Unfortunately, my uncle didn't get to travel, but Ross's help meant so much to me and my family. He was very generous, always spending his time and patience correcting my mistakes, not only in research but also in my English. He often told me, "Your English is broken," but the good thing was that he also explained why it was wrong and how it should be corrected. He gave me compliments when I did good work, even just small ones, and that encouraged me very much. I really felt reassured having him by my side.

The last major thing we did together was moving his bookshelf to the new office as Cambridge forced him to retire. He of course did not like that. When I saw him carrying things around, I offered my help, and he accepted. It took us a few weekends to sort everything out. He told me he had been in the old office for over 25 years and would miss it. He hoped he could stay in the new office for another 25 years. I wished the same. He showed me a card his mom and dad gave him long ago when he was a kid, and with his great smile, I knew he cherished it very much. I always wanted to have a picture with him when I graduated, and I promised to give him a copy of my PhD thesis later this year. Sadly, I will never have that chance.

Our last interaction was just before he passed away. I looked inside his office and saw him editing his webpage to make all the chapters of his book available for free. He had always wanted to do it, but copyright restrictions had prevented him until now. He also mentioned he might write a new edition when he had time, which I was eagerly anticipating. Later, he knocked on my door - as he always did to say goodbye before heading back home when we were both working late in the lab - and told me he would be in Edinburgh for a few days and would see me after Easter. Sadly, it was the last time I saw his smile.

I know nature is cruel, and that death is a part of life's beauty, but it has been incredibly heartbreaking to lose him so early and so suddenly. He passed away close to Good Friday, and I believe he has now risen to heaven with God. His life was very well-lived, and his vast contributions will never be forgotten by many generations of students, colleagues, and friends.

And yes, he had a strong passion for folk music. Here are some (rare) videos of him playing the bagpipe, recorded by me around one year before his passing. I miss that.
-- Anh V. Vu
Ross Anderson died unexpectedly in his sleep last Thursday, leaving a large group of us devastated. He was one of those unforgettable people - fabulously erudite, generous with his knowledge and friendship, fiercely independent, and fearless. He had a kind of flinty integrity that was wholly admirable, which meant that he was often a thorn in the side of university, governmental and academic establishments, who discovered that he was no pushover.

He was a Fellow of the Royal Society and a recipient of the British Computer Society's Ada Lovelace Medal. He was a world authority on computer security, cybercrime and cryptography. He was Professor of Security Engineering at Cambridge, and leaves behind a remarkable cohort of PhD students who were lucky enough to have him as a supervisor.

Many people found him formidable and indeed sometimes forbidding. He didn't do small talk. And yet when you were lucky enough to get to know him (as I was) he was great company. He and I used to walk round the '800' Wood near Cambridge with his two lovely dogs, deep in conversation about the sordid ingenuity of cyber-criminals, the short-sightedness of academic administrators, the intrusiveness of national security agencies, as well as about Celtic folk music of which he knew a lot. (He was a piper and shared my interest in Uileann piping.)

I learned such a lot from those conversations. Ross changed the way I looked at computing, and alerted me to the political economy of the technology which has shaped my thinking ever since. He always spoke his mind - which is why when an email from him would arrive at 8am on Sunday mornings I knew that he had read my Observer column and had something to say about it, and accordingly braced myself before reading further.

The last time I saw him was a few weeks ago, when we both snuck into a talk given by Matt Clifford (who has become Rishi Sunak's go-to man on "AI Safety"). He had been invited by a student group, and Ross and I were the only two grizzled veterans in the room. Before Clifford embarked on his boosterish talk, I got out my pen to take notes, and then noticed that Ross had opened his MacBook. So I put my pen away. He always took the most detailed and accurate notes of any event he attended, and I knew that if I needed to check something later about Clifford's performance, Ross's record would provide the evidence I needed.

Ross was furious about Cambridge University's remorseless determination to force academics to retire at 67, and he had been mounting a campaign against the policy. At 5pm on the day he died, he had an email conversation with one of his colleagues, Jon Crowcroft, about the possibility of harnessing generative AI to add spice to the campaign. Ross sent Jon a link to a song he had just prompted to create.

As Jon observed afterwards, it could almost serve as an obituary.

Ross's death marks the passing of the last of the five computer scientists who made Cambridge such a pioneering centre of research in the field - Maurice Wilkes, Roger Needham, David Wheeler, Karen Sparck Jones and Ross.

May he rest in peace. We were lucky to have known him.

Frank Stajano, one of Ross's colleagues in the Computer Lab, has written a lovely tribute to him in the blog that Ross and his colleagues have been running since 2006.

-- John Naughton (see more)
RIP Ross J. Anderson, who died on March 28, at 67 and leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research (see also tenth anniversary and 15th anniversary) and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security, convening on April 8 for the 23rd time.

One reason Anderson was so effective in the area of digital rights is that he had the ability to look forward and see the next challenge while it was still forming. Even more important, he had an extraordinary ability to explain complex concepts in an understandable manner. You can experience this for yourself at the YouTube channel where he posted a series of lectures on security engineering or by reading any of the massive list of papers available at his home page.

He had a passionate and deep-seated sense of injustice. In the 1980s and 1990s, when customers complained about phantom ATM withdrawals and the banks tried to claim their software was infallible, he not only conducted a detailed study but adopted fraud in payment systems as an ongoing research interest.

He was a crucial figure in the fight over encryption policy, opposing key escrow in the 1990s and "lawful access" in the 2020s, for the same reasons: the laws of mathematics say that there is no such thing as a hole only good guys can exploit. His name is on many key research papers in this area.

In the days since his death, numerous former students and activists have come forward with stories of his generosity and wit, his eternal curiosity to learn new things, and the breadth and depth of his knowledge. And also: the forthright manner that made him cantankerous.

I think I first encountered Ross at the 1990s Scrambling for Safety events organized by Privacy International. He was slow to trust journalists, shall we say, and it was ten years before I felt he'd accepted me. The turning point was a conference where we both arrived at the lunch counter at the same time. I happened to be out of cash, and he bought me a sandwich.

Privately, in those early days I sometimes referred to him as the "mad cryptographer" because interviews with him often led to what seemed like off-the-wall digressions. One such led to an improbable story about the US Embassy in Moscow being targeted with microwaves in an attempt at espionage. This, I found later, was true. Still, I felt best not to quote it in the interests of getting people to listen to what he was saying about crypto policy.

My favorite Ross memory, though, is this: one night shortly before Christmas maybe ten years ago - by this time we were friends - when I interviewed him over Skype for yet another piece. It was late in Britain, and I'm not sure he was fully sober. Before he would talk about security, knowing of my interest in folk music, he insisted on playing several tunes on the Scottish chamber pipes. He played well. Pipe music was another of his consuming interests, and he brought to it as much intensity and scholarship as he did to all his other passions.

Ross J. Anderson, b. September 15, 1956, d. March 28, 2024.

-- Wendy M. Grossman (see more)
Devastating to hear this. Ross corresponded regularly and was tremendously encouraging. He made me feel like there was somebody else out there who understood the gravity of the work we do.

Ross has been one of the precious few who understood my thoughts about civic cybersecurity and how true national security is an ordinary daily attitude. That every grandmother and schoolchild deserves basic digital security, privacy and autonomy in their online life. That it is all our responsibilities to step up to the task that Apple, Google, Microsoft and our governments cannot handle alone unless we lead the way.

My cybersecurity courses and indeed my own security thinking have been profoundly shaped by his work. The idea of "Security Engineering" as a serious, measurable, reproducible discipline lay in his hands.

Ross was never anything but generous with his time and honest with his opinions.

His open publishing stance (to have complete copies of his older texts online, which he skilfully negotiated with Wiley. is an example to all academics.

His work leading the Cambridge team in doing interesting, socially relevant security work in a world of so many dry, inaccessible papers on cryptography and protocols was a refreshing beacon of light.

We planned to meet in Edinburgh one day and share some good single malts. I feel lost at this news. Sincere wishes to all Ross's family.
-- Dr. Andy Farnell
Ross was one of the most influential people in my time at Cambridge, someone of whom I was very fond and whose work I still follow over a decade later. I am deeply saddened to learn of his passing.

His dry sense of wit and humour, his uncompromising pursuit of injustice and his loathing of foolhardy decisions made by the political or moneyed elites were evident in all he did and said. Misunderstood by some, I came to respect most his tenacity; at fighting the big guy – and, more often than not, prevailing with his typical grit, logic and determination. His work continues to inspire, especially since three decades after he founded the field he would go on to be recognised for internationally, in many business and industrial circles we are still making the same basic security mistakes, driven by the same flawed economic models as Ross predicted. His work is timeless.

When he spoke, I listened, and on those rare occasions he complimented my work, I did not take that for granted. It is a regret that I did not take the opportunity to do a PhD with him. Rest in peace.
-- greengreengrass
I saw the sad news yesterday, via Alec Muffett that Ross Anderson had passed, which is an enormous loss the the IT security community (and the industry more widely).

I didn't know Ross very well, so the obituary from his friend and colleague Prof Bill Buchanan OBE provides a much better summary of his work and impact. What follows are just a few personal reflections.

Ross did a great deal to shape my work and my career path, and I'm thankful that I got to meet him a few times along the way. I've previously described 'Security Engineering' as "the bible of infosec", and through that work Ross was impacting the world I worked in before I ever heard his name.

I got to meet Ross for the first time at one of his Workshops on the Economics of Information Security (WEIS). That series of workshops came about from Ross's prodigious talent for picking up different lenses to look at the world of security through – in this case the lens of economics, leading to his seminal paper 'Why Information Security is Hard – An Economic Perspective'. My first encounter with Ross was a little prickly, as he had a huge distrust of banks, and by extension the people who worked for them; but I kept going back to WEIS, and over time our conversations became more collegiate*. My favourite memory of him was after WEIS 2010 in Cambridge MA where he invited anybody hanging around to join him for dinner, bringing together a wonderful slice of the community to talk shop over giant sushi boats. I wish I had a photo, as the happy relaxed Ross that evening was Ross at his best.

Through WEIS I got to know folk like Allan Friedman and Tyler Moore who are leading efforts to make us all more secure.

A few years back I found myself meeting a CISO for the first time and spotting a copy of Security Engineering on his bookshelf. I knew we'd get along just fine.

I'd hoped to see Ross again, and maybe chat to him about the Horizon scandal. I'd have also wanted him by my side as an expert witness if I ever got entangled in any legal trouble to do with computers. He'll be sorely missed; though it's a sign of the quality of his leadership that there are so many people that will continue his great work.

RIP Ross.

* After a conversation with Ross and Hal Varian about side channel attacks I recall thinking of an attack against pre-emptive execution in CPUs (like Meltdown or Spectre) which I dismissed at the time thinking the geniuses at Intel and Arm would have everything under control. Never assume – verify.
-- Chris Swan

🇬🇧 When a cryptographer passes away, one feels an inscrutable sense of disorientation, a loss that only the memory of him might soothe; yet, you realize that nothing in his absence can decipher that state of the soul which, we mortals, call nostalgia.

When a cryptographer dies, you reflect on our diminished capacity to solve existential riddles, puzzles that only a mathematician as an artist could have dared to desire to unravel.

Upon the death of a cryptographer, it becomes apparent that the world has lost a piece of the broader mosaic in which each one of us strives to fit, and you understand that he, perhaps, was on the verge of grasping how the mosaic and the piece are equivalent.

But, at the metaphor's end, we all now know that if the cryptographer dies, it is for three days, and then he rises again, ready to solve the secret paths that lead to enlightenment.

In memory of Ross John Anderson, who passed away on March 28, 2024.
-- Roberto Garavaglia
I'm not sure he knew it, but Professor Ross Anderson was a huge inspiration and source of knowledge when starting Volemic.

I still can't believe that he died suddenly on 28 March at his home in Cambridge.

Ross Anderson was a brilliant teacher of generations of computer scientists at Cambridge University, the author of the standard textbook on security engineering and a fierce intellect and advocate for security and privacy.

As Rory Cellan-Jones tweeted over the Easter weekend: "Ross Anderson was a mischievous, brilliant giant in the field of cybersecurity and privacy - until I met him I'd assumed he was in his 30s. Such a loss.."

In the words of another journalist and friend, Wendy M Grossman:

"Ross J. Anderson…leaves behind a smoking giant crater in the fields of security engineering and digital rights activism. For the former, he was a professor of security engineering at Cambridge University and Edinburgh University, a Fellow of the Royal Society, and a recipient of the BCS Lovelace medal. His giant textbook Security Engineering is a classic. In digital rights activism, he founded the Foundation for Information Policy Research and the UK Crypto mailing list, and, understanding that the important technology laws were being made at the EU level, he pushed for the formation of European Digital Rights to act as an umbrella organization for the national digital rights organizations springing up in many countries. He also was one of the pioneers in security economics, and founded the annual Workshop on the Economics of Information Security..."

His loss leaves a void for his family and friends and for everyone who cares about privacy and security.
-- Angus James Allen
Ross Anderson left us

My friend and colleague Louis Labelle just told me the news: Anderson died on March 28th.

The first time I heard about him was when I started working on a financial chip card project (to this day, the best project and the best team I contributed to...). Anderson was the annoying gadfly that kept finding security holes in the security protocols. As all goads, he kept us moving forward by pointing improvement possibilities.

I remembered him while doing my PhD thesis, and his publications became my rabbit holes. People who've done advanced studies will know what I mean: you find authors that open doors to new areas, you get fascinated and get distracted from your original goal. You have to focus back to your plan, but these authors are so driven, they can't be put aside.

Anderson was one of those authors.

He will be sorely missed.
-- Yvan Beaulieu
I'm sad to hear that Ross Anderson has passed away. In 2005-2006, I had the privilege, as a grad student, to visit Cambridge and work with Ross and members of his lab.

Ross was always deeply insightful and no BS. In the last email he and I exchanged, he was encouraging me to pick my battles, and said with his characteristic wit: "If I were to kick every asshole I meet I'd have died in jail long ago."

RIP Ross, and my deepest condolences to his friends and family.
-- Ben Adida
That is sad news for the security community. I have only just read that Ross Anderson, an inspiring author and security expert, has passed away. I read his book, Security Engineering, many years ago and often referred to it. I found it to be an excellent resource when starting out in Security Engineering. It’s no surprise that I still say it's a must-read book for anyone interested in the field.

We lost a prominent community member, but his legacy will live on. Prof Bill Buchanan has expressed our loss beautifully in a fitting blog post. You can read his tribute to Ross Anderson here.

Rest in peace, Ross Anderson.
-- Steven L.
This is incredibly sad news. Prof Ross Anderson had a formidable brain & fierce integrity.

He could sometimes give us in the security services a difficult time, but that's because he cared, & really knew his stuff. And he knew how to disagree well.

A life very well lived
-- Ciaran Martin
Very sorry to hear that Professor Ross Anderson passed away last night. Aside from his (numerous) contributions to Information Security, he was a mentor to and advocate for many researchers in the field. He will be sadly missed but leaves behind a strong legacy.
-- Steven Murdoch
I am deeply saddened by Ross's passing. To me, he was a great mentor, a caring elder, and a close friend.

Being admitted as his student was the most fortunate event for me. In the months before I arrived in the UK, from visa processing to accommodation and other life matters, Ross actively offered me help and advice. Upon my arrival, he cared my living and study situation all the time, we together explored and decided on research plans. Although we knew each other for a shorter time compared to his other students and colleagues, Ross was the closest person to me in the UK.

I am deeply grateful for his belief in my potential and his willingness to guide me. His erudition and rich experience were key factors in my decision to pursue a PhD here. I will always remember our first dinner at the High Table in Churchill College.

His visits to Edinburgh were not frequent, but we corresponded by email almost daily, and we met during the online meetings on Mondays, Wednesdays, and Fridays. At the University of Edinburgh, Ross was one of the most respected professors, benefiting both faculty and students from the interactions with him. His guidance, wisdom, and kindness have profoundly impacted my life and the lives of many others.

Please accept my heartfelt condolences during this difficult time. I am grateful for the opportunity to have been a part of his academic journey. I will always miss him. With deepest sympathy,
-- Lawrence Piao
I could not believe my eyes when I saw the sad news that Ross Anderson had passed away yesterday. This is a great loss of the cyber security community. I believe many will agree with me that Ross is one of the greatest cyber security researchers, educators and influncers in the UK and worldwide.

I exchanged emails with him in mid Jan regarding using some of his reports for my updated teaching materials on Online Safety Act 2023 and planned to contact him again in the next weeks for something else. I still remember his invited talk for ICICS 2022 very well, when he planned to come to Kent but had to switch to an online talk. Like many of his other talks, the ICICS 2022 talk was very insightful and well received.

May his soul rest in peace!
-- Shujun Li
Very sad that Ross Anderson has died unexpectedly in his sleep. He is a hero of cybersecurity and technology policy. I am in absolute awe of how much he got done not only as an academic but as an organiser and a true, unpaid (beyond his professorial salary) servant of the public, answering every relevant call for expertise. He is deservedly the most cited person on Google Scholar for Technology Policy.

I'm sure others who know more about his work and him more personally will write better posts. But I just want to say how much I admire him and his work and to share a picture I took the one time I visited him in his office at Cambridge, in 2018.
-- Joanna Bryson
Sad to hear of the passing of Ross Anderson. For a lowly undergrad attending his security courses, the first few lectures seemed almost deliberately obtuse. Those that stuck around though were treated to stories of international espionage, incredible hardware hacks such as reading CRT displays through brick walls, and a cutting disdain for the overconfidence of governments and corporations in their technology twenty years ahead of its time.

RIP Professor, keep fighting the good fight.
-- Dan Borthwick
I was absolutely shocked yesterday to find out that Prof Ross Anderson died on Thursday.

He was a brilliant man, a pioneer in cybersecurity and had a strong sense of justice. And from personal experience, he had a lot of patience when explaining complex technical jargon.

-- Oliver Price
Very sad to hear of Ross Anderson's passing yesterday. The industry only moves forward when pushed, and few pushed harder than Ross.

I had the honour of being a reviewer on the third edition of his book, and to have the benefit of his professional input for over twenty years. If you ever thought you knew anything, Ross could definitely make you reconsider.

Despite the longer daylight hours the world is a little darker today. We are only lucky that Ross has left such a lasting impression that his legacy will endure.
-- Jon Geater
Sound the pibroch loud and high. We lost Ross Anderson yesterday. He was many things: security researcher, teacher, cryptographer, blogger, Cambridge professor, consultant, conference organiser, FRS, FREng, campaigner and piper.

If you want to understand cybersecurity, there is no better way to start than by reading Ross' book: "Security Engineering". Typically for Ross, chapters are freely available on Ross' home page at the Cambridge Computer Lab. Or by watching the Security Engineering lecturers he recorded with Sam Ainsworth (Edinburgh University) and uploaded to YouTube.

Ross showed us the importance of thinking clearly about security. Not the hype, but the engineering.

He was always willing to listen to new ideas, consider them fairly and to share his insights. When I started thinking about the implications of Post Quantum Cryptography it was Ross that told me to think about compliance, audit and cyber-insurance in large enterprises.

Ross' legacy is in the students he taught, the PhDs he supervised and the people he inspired. I will miss him.
-- Zygmunt Lozinski
RIP Prof Ross Anderson, my dear academic grandfather. For your brilliant work on citizens' security and privacy, thank you! What a legacy left behind by a true legend! We will miss you.
-- Maryam Mehrnezhad
I cannot believe this. Rest in peace Ross. I'll always remember the advice and the kindness support that he gave to me and my family in Cambridge. My most sincere condolences to all family and friends.
-- Sergio Pastrana
Prof. Ross Anderson was a great mentor to me. He was more than a giant in s&p. His deep passion and curiosity about humanity and human history deeply encouraged me. "We felt so ethereal as if we were ascending into heaven and becoming winged immortal." Ross will be remembered.
-- Jingjie Li
I have just seen this very sad news. I had only a handful of - always memorable - interactions with Ross, at Churchill College events. He was quick, witty & kind. A great defender of academic freedoms. He will be missed in Cambridge & beyond. My condolences to his family and friends.
-- Paul DW Kirk
Very sad to read of the passing of Ross, who I had come to know recently through Churchill college, where he had been a very active SCR member. A very distinguished academic at the cutting edge of data security, he is succeded by the countless numbers that he educated.
-- Will Watson
This is very sad news. One of the giants of our industry and on his shoulders many stand. His books on Security Engineering are always my go to guides. May he rest in peace and my condolences to his family, friends, and colleagues
-- Brian Honan
RIP Ross Anderson - a pioneer in security and privacy research, and pretty much the first to not only recognise the importance of both economics and human behaviour in security, but to then do something about it. He will be sadly missed.
-- Adam Joinson
Such an important figure in UK and EU debates on encryption and surveillance for decades; and a very supportive teacher and colleague to so many, including me. RIP Ross
-- Ian Brown
So sad hearing this. Ross was an incredibly useful source because he would tell you fiercely and immediately when you were wrong. He was the person who helped me understand the DeepMind/Royal Free story, by walking me through the Information Sharing Agreement
-- Hal Hodson
Even amidst the high standards at Cambridge, Ross stood out as a towering intellect. Sharp mind. Blunt speech. Great bagpiper. If you were with Ross, you knew there'd be a story.

Our thoughts are with you, Shireen.
-- Matthew Agarwala
Very shocked and saddened by this news. Perhaps not everyone knows that Ross had a very keen interest in psychology too. We talked frequently about the application of inoculation to information security. Such a brilliant interdisciplinary colleague. He will be deeply missed.
-- Sander van der Linden
... and a lot more that I am adding ...
Thank you, Ross, for everything. Cambridge will be missing you. And so will all of us.