Peter G. Neumann, a pioneering computer security researcher whose career spanned more than seven decades and whose work significantly influenced the design of secure computing systems, died on Sunday at the Santa Clara Medical Center in Santa Clara, California. He was 93.
Dr. Neumann was renowned for his lifelong pursuit of understanding and mitigating the complexities of computer systems, a philosophical journey that began in November 1952 with a two-hour breakfast conversation with Albert Einstein. During this meeting, Einstein’s aphorism, “Everything should be made as simple as possible, but no simpler,” left a profound impression on the Harvard sophomore, shaping his approach to the inherent beauty and perilous nature of system complexity.
At the time of his death, Dr. Neumann was actively engaged in full-time research on a Pentagon-supported advanced computer security design known as CHERI, a technology now being adopted by major industry players such as Google and Microsoft. His daughter, Helen Neumann, stated that the cause of death was complications from a recent fall.
For decades, Dr. Neumann (pronounced NOY-man) served as a computer scientist and security researcher at SRI International in Menlo Park, California, joining the institution in 1971. Throughout his distinguished career, he was a persistent critic of recurring design flaws in the computer industry, frequently described as a “voice in the wilderness” warning against systemic vulnerabilities.
In 2010, Dr. Neumann initiated the CHERI research project, a groundbreaking effort to develop robust defenses against prevalent security vulnerabilities. Funded by the Defense Advanced Research Projects Agency (DARPA), CHERI innovated a novel approach to computer hardware architecture. This design fundamentally restricts software programs, making it impossible for malicious or unauthorized instructions to execute. To illustrate its concept, one could imagine replacing a single master key capable of opening every door in a building with a unique set of keys, each specifically designed to open only the authorized rooms for its holder, with the added impossibility of copying or altering these individual keys.
The profound implications of this technology have led to its commercialization. Recently, the CHERI Alliance, an industry organization, has begun integrating the CHERI design into consumer products and various industrial applications, signaling a significant shift towards hardware-enforced security.
Whitfield Diffie, a mathematician and cryptographer credited as the co-inventor of public key cryptography, described Dr. Neumann as “both one of the last of the old guard and a pointer to the future.” Diffie added, “He describes himself as having had a 70-year career in computer science, starting with his graduation from Harvard, and he has always advocated starting with hardware designed to support security.”
Among his many contributions, Dr. Neumann served as the editor for the Association for Computing Machinery (ACM) Risks Forum newsgroup starting in 1985. This influential online collection of emails, featuring reports from readers on computer failures, flaws, and foibles, garnered an avid following of hundreds of thousands globally. Dr. Neumann meticulously curated this sprawling compendium of computer-related issues, annotating each of its 3,195 entries with insightful, often wry, comments and occasional puns. This extensive work formed the foundation for his seminal 1995 book, “Computer-Related Risks.”
In the 1990s, he was a key researcher on another DARPA-funded initiative called Emerald, a project aimed at developing new methods for detecting intruders in large computer networks. While Emerald did not result in a direct commercial spinoff, SRI International successfully pursued several lawsuits against Silicon Valley companies for unauthorized use of its underlying technology.
Despite his considerable influence and foundational work in the field of computer security, Dr. Neumann maintained a notably low profile throughout his career.
Patrick Lincoln, the office director of DARPA’s Information Innovation Office, praised Dr. Neumann’s selflessness, stating, “There’s no limit on the impact that a small team can have if they don’t care who gets credit.” Lincoln characterized Dr. Neumann as consistently working behind the scenes without seeking recognition, concluding, “The world is just so much a better place for having had Peter.”
Dr. Neumann was a consistent critic of what he perceived as lax industry attitudes towards both computer security and individual digital privacy. He articulated his perspective by saying, “I’m fundamentally an optimist with regard to what we can do with research. I’m fundamentally a pessimist with respect to what corporations who are fundamentally beholden to their stockholders do, because they’re always working on short-term appearance.”
Peter Gabriel Neumann was born on September 21, 1932, in Manhattan, New York. His father, Israel Ber Neumann, was a prominent art dealer who initially worked in Germany before relocating to the United States in 1923, where he established the New Art Circle gallery in New York. The senior Neumann’s decision to move to America was prompted by a harrowing experience in Germany, where he found himself seated near Adolf Hitler in a restaurant shortly before his departure.
His mother, Elsa Schmid Neumann, was a mosaic artist. The memorable breakfast meeting with Albert Einstein occurred because his mother had been commissioned to create a colorful mosaic portrait of the physicist and had subsequently developed a friendship with him. This mosaic was displayed for many years in a reference reading room at the main library of Boston University.
Dr. Neumann spent his early years in Manhattan’s Greenwich Village before his family moved to Rye, New York, where he attended high school. He gained his first exposure to computing during a college summer, programming an IBM card-punched calculator for the U.S. Naval Ordnance Laboratory.
He enrolled at Harvard University in 1950, where he would become one of the earliest “computer hackers” during his senior year. At the time, the term “hacker” referred to individuals deeply fascinated by computers and their inner workings, a different connotation from its later association with unauthorized network intrusion. At Harvard, Dr. Neumann was among the first programmers to enjoy solo access to his own “personal” computer, albeit only on weekends. He earned the trust of Howard Aiken, the designer of the Mark IV, one of the world’s first stored-program computers. Every Friday at 5 p.m., Dr. Neumann would take charge of the machine from its regular operators, having exclusive use of the system until Monday morning. He humorously recounted, “I was the operator, maintainer and guru.” Alongside fellow student Fredrick P. Brooks Jr., who later became an influential IBM computer designer, Dr. Neumann co-authored a paper exploring the use of the Mark IV for composing music.
After completing a two-year Fulbright fellowship in Germany, Dr. Neumann earned his Ph.D. in mathematics from Harvard and joined Bell Laboratories in 1960. During his decade at Bell Labs, he played a pivotal role in the development of the Multics operating system. Multics (Multiplexed Information and Computing Service) was an early Pentagon-financed project developed collaboratively by researchers at the Massachusetts Institute of Technology, Bell Laboratories, and the Honeywell Corporation beginning in the mid-1960s. It represented the first systematic attempt to address the complex challenge of securely sharing computer resources among numerous users, pioneering many concepts that would become fundamental to modern computing.
Beyond his professional pursuits, Dr. Neumann maintained a lifelong passion for music, proficiently playing a variety of instruments including the bassoon, French horn, trombone, and piano in several musical groups. He was known for frequently leading his colleagues in Gilbert and Sullivan songs at computer conferences. In December 2024, demonstrating his dedication to the arts, Dr. Neumann made an anonymous $4 million donation to the San Francisco Symphony, specifically earmarked to preserve its chorus, as confirmed by his daughter, Helen.
Helen Neumann is his only surviving family member. He was married twice; his first marriage to Anne Ferris Rittershofer ended in divorce, and his second wife, Elizabeth Susan Neumann, passed away in 2020. Two sons, John and Christopher, predeceased him.
Dr. Neumann occupied the same office at SRI International since his arrival as a computer researcher in 1971. His office became legendary for its towering stacks of computer science literature, which filled every available space. A popular anecdote recounts that after the 1989 Loma Prieta earthquake, which registered 7.1 magnitude, colleagues visiting the SRI campus were astonished to find that while other offices were in disarray, nothing in Dr. Neumann’s famously cluttered office appeared to have been disturbed, a testament to its unique, if unconventional, stability, until the building was later modified for earthquake resistance.
Why This Matters
The passing of Peter G. Neumann marks the end of an era for computer security, but his profound influence continues to shape the digital world. Dr. Neumann was not merely a researcher; he was a visionary who consistently highlighted the critical importance of building security into computing systems from their foundational hardware. His early warnings, articulated through platforms like the Risks Forum, laid bare the systemic vulnerabilities that have plagued the industry for decades, proving him prescient in an age where cyber threats are now commonplace and increasingly sophisticated.
His work on projects like Multics in the 1960s established pioneering concepts for secure multi-user systems, many of which are now taken for granted in modern operating systems. More recently, his leadership in the DARPA-funded CHERI project offers a tangible solution to prevent entire classes of software vulnerabilities by enforcing hardware-level security. As major technology companies like Google and Microsoft adopt CHERI, Dr. Neumann’s vision for intrinsically secure computing is moving from research into commercial application, promising a more resilient and trustworthy digital infrastructure for everyone.
In an increasingly interconnected world where data breaches, cyberattacks, and privacy concerns dominate headlines, Dr. Neumann’s legacy is a powerful reminder that security is not an afterthought but a fundamental design principle. His “optimist/pessimist” view—optimistic about research potential, pessimistic about corporate short-termism—remains critically relevant. It underscores the ongoing tension between innovation, profit, and the public’s need for secure and private digital experiences. His unwavering dedication to identifying and mitigating “computer-related risks” serves as a lasting blueprint for future generations of technologists and policymakers striving to build a safer digital future.