I was re-reading Bill Gates’ Trustworthy Computing Memo, when I came across an apparent anachronism: a reference to the attacks of September 11th, 2001. I was certain that the memo predated 9/11. A doubletake at the timestamp confirmed that Gates sent it out January 15th 2002.
But the two events were definitely flipped in order in my mind, and I wondered if I was the only one. So I started asking friends who have been working in computer security for over 20 years for their gut instinct: what came first, the Trustworthy Computing Memo or 9/11? The results have been nearly unanimous. Almost everyone who was already working as a security engineer at the time is convinced the memo came first.
I have a theory for this time warp. 9/11 still feels like recent history. It was something that happened during our generation — we were all adults at the time. Gates’ memo, on the other hand, feels like something from the predawn of time. It marks a point when the industry formally acknowledged the importance of product security. It was a watershed moment that effectively marks the beginning of life for our professional generation. It as our AD 1, and in our minds it predates all modern history.