(from CRA, http://www.cra.org/Activities/grand.challenges/security/press.release.html)
- Eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years;
- Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
- Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade;
- Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.
