Security and Privacy – Communications of the ACM

BLOG@CACM Mar 28 2025

Privacy Washing through PETs: the Case of Worldcoin

The computing community should prevent the use of PETs (privacy enhancing technologies) for privacy washing.

Kris Shrishak

News Mar 27 2025

Security Research Gaps Leave Critical Infrastructure Open to Cyberattack

The risk of attack on industrial controls is greater for today's interconnected systems than for those in the isolated world of Stuxnet.

Paul Marks

opening in a wall of 1s and 0s, illustration

Opinion Mar 24 2025

Web 3.0 Requires Data Integrity

It’s time for new integrity-focused standards to enable the trusted AI services of tomorrow.

Bruce Schneier and Davi Ottenheimer

wave glow circle with motion of dots, illustration

News Mar 19 2025

Cyber Trust Mark to Distinguish Secure Smart Home Devices

The U.S. Cyber Trust Mark program is a mechanism for providers of wireless smart home devices to test and certify the security of their products.

David Geer

woman adjusting a baby monitor near bed of a sleeping child

BLOG@CACM Mar 10 2025

Beyond Compliance: Security Documentation as a Strategic Asset

It’s time to stop viewing security documentation as a necessary evil and start leveraging it as a strategic asset.

Alex Williams

laptop computer inside an open book, technical documentation concept

News Mar 4 2025

Sound Ideas

Researchers are tuning in on ways to turn down the volume with fabrics and materials that buffer, baffle, and block sound waves.

Samuel Greengard

News Mar 3 2025

Explaining AI Explainability

Model transparency aims to reduce bias and ensure trust.

R. Colin Johnson

robot pointing at whiteboard, illustration

News Mar 3 2025

Willow and the Countdown to Quantum Breaches

The ever-increasing speed of quantum computers bodes both well and poorly for cybersecurity.

David Geer

BLOG@CACM Feb 24 2025

Why Policies and Training Fail Without a Strong Cybersecurity Culture

Organizations must foster a culture of trust where employees feel comfortable discussing security concerns openly.

Alex Vakulov

News Feb 24 2025

Reasons to Raise the Cyber-Shields

Nation-states and threat actors are creating targeted, manufactured disruptions that attack U.S. critical infrastructure.

David Geer

numeric code in front of an American flag on a screen

Research and Advances Feb 21 2025

Exploiting Cross-Layer Vulnerabilities: Off-Path Attacks on the TCP/IP Protocol Suite

An investigation of vulnerabilities within the TCP/IP protocol suite that can be exploited by forged ICMP errors.

crashing starburst figures with red dots in background, illustration

Opinion Feb 20 2025

A Glimpse Into the Pandora’s Box

A combination of safety measures and safety labels should be developed and employed on how AI models in applications analyze camera frames in real time.

Jack West, Jingjie Li, and Kassem Fawaz

Research Highlights Feb 20 2025

R2T: Instance-Optimal Truncation for Differentially Private Query Evaluation with Foreign Keys

The first DP mechanism for answering arbitrary SPJA queries in a database with foreign-key constraints.

Research Highlights Feb 20 2025

Technical Perspective: Toward Building a Differentially Private DBMS

The paper is an important step toward automatically ensuring privacy for arbitrary computations.

Graham Cormode

BLOG@CACM Jan 31 2025

AI Agents: Automation is Not Enough

AI Agents adapt to changes, learn from feedback, and can act autonomously or in collaboration with humans or other agents.

Shanmugam Sudalaimuthu

News Jan 31 2025

The Infamous Infostealers

Infostealers have been siphoning sensitive data for more than 16 years, since the first banking Trojan stole usernames and passwords.

David Geer

hand reaching towards computer display, hacker concept

Opinion Jan 22 2025

It Is Time to Standardize Principles and Practices for Software Memory Safety

Memory-safety standardization is an essential step to promoting universal strong memory safety in government and industry, and to ensure access to more secure software for all.

Practice Jan 15 2025

Questioning the Criteria for Evaluating Non-Cryptographic Hash Functions

There seems to be a gap in how cryptographic and non-cryptographic hash functions are designed.

Catherine Hayes and David Malone

Opinion Jan 13 2025

Building on Shaky Ground

It simply is not appropriate to write code that will be connected to the Internet in an unsafe language such as C.

George V. Neville-Neil

News Jan 8 2025

How Software Bugs led to ‘One of the Greatest Miscarriages of Justice’ in British History

Bad coding and bad testing characterize the software that led to wrongful convictions, financial ruin, and four suicides.

Mark Halper

London, UK, post office sign with Horizon

BLOG@CACM Dec 20 2024

Strengthening Security Throughout the ML/AI Lifecycle

Automation, audits, and access control are some of the ways to enhance security in ML systems.

Alex Vakulov

BLOG@CACM Dec 17 2024

Zero-Trust Security in Software Development

The zero-trust security model is a proactive approach to overcoming potential threats and enhancing application security.

Harikrishna Kundariya

News Dec 11 2024

It’s Another Attack on the U.S. Capitol

Using the same password for business and personal accounts is a common but risky practice that creates vulnerabilities.

R. Colin Johnson

U.S. Capitol with overlayed computer circuitry

News Nov 25 2024

Email Insecurity

Aides or staffers registered official email addresses and passwords on vulnerable third-party sites, putting those credentials at risk.

David Geer

U.S. Capitol building seen through a pair of open doors

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More