ABSTRACT
In this contribution, we cover the major philosophical concepts describing the field of security engineering, drawing on literature from philosophy, criminology, and engineering disciplines, with a focus on computer science and cybersecurity. We show that security distinguishes itself as a topic in engineering because it entails a combination of (a) dealing with adversaries and adversarial risk, (b) the intricacies of non-functional requirements and associated verifiability problems, (c) poorly established guidelines for a “science of security” and associated metrics, and (d) a heavily politicized context. While outlining these topics, we will touch upon several key debates in the field, such as secret versus transparent security, and user versus designer responsibility.
