Agree with you - there's nothing new in the article. I gave a talk a
couple years ago at a conference on biomedical engineering, and there was
one person in the room (out of a few hundred) who had heard of Therac-25.
(Which I assume is what you were referring to with 1985.)
If the article were
Another big frustration: No-one seems to be making any real headway into the
problem of actually measuring loss attributable to doing nothing - or, in other
words, losses cradle to grave from operating insufficiently secure systems.
People try to measure ROI from security, which is a ridiculous
