a) 1974 http://web.mit.edu/Saltzer/www/publications/protection/
b) SecurityMetrics mailing list going round in circles.....
c) "It'll be just as insecure as it possibly can, while still continuing to function."
One does worry.
Until we can elicit a value to shared and dedicated nodes/messages + the organisational superorganism as a whole, risk and the quantification thereof is a joke.... unfortunately shared infrastructure and services such as routing/DNS/SNMP/NTP/logging *are* business critical e.g. data and control planes including management control planes. http://twitter.com/irldexter/status/1087480944
Here's to 2009! And some standardisaiton of code development and testing including liability etc as per David Rice's arguments in Geekonomics. http://my.safaribooksonline.com/9780321477897