[jascii]

I wonder what makes you say that? There is more social focus on security, however that seems more a consequence of the pervasiveness of computing in our society then in fundamental progress in our systems-thinking. As far as I can tell, the basic security models have not changed much since the late 60's.

[wyldfire]

"the basic security models have not changed much since the late 60's" != "number one thing that could have gotten better in the last 19 years but didn't: security"

Those two are very different claims IMO. Who cares what the basic security models are if you are significantly more difficult to attack?

We can debate whether these were "innovative" or not but the fact is that in 2000 none of these things existed in anything beyond research if at all there: ASLR, stack canaries, RETGUARD, pledge, jails, seccomp, fuzzing, San/kSan/HWAsan (tagged mem), NX, signed bootloaders/secure enclaves. IMO, iOS took huge steps to isolate the different user applications from one another.

EDIT: I deleted a reference to SELinux. It was introduced only a handful of days before Jan 1, 2001 ;)

[jascii]

The article is talking about academic research while most of the examples you quote seem recent(ish) industry implementations of these security models. I'd say that corroborates rather then disputes the authors thesis..