Ross John Anderson (15 September 1956 – 28 March 2024) was a British researcher, author, and industry consultant in security engineering.

[22] Anderson's TCPA FAQ has been characterised by IBM TC researcher David R. Safford as "full of technical errors" and of "presenting speculation as fact.

Anderson noted the only way this kind of systemic data collection was made possible was through the business models of private industry.

The value of information-driven Web companies such as Facebook and Google is built around their ability to gather vast tracts of data.

His nomination reads: Professor Ross Anderson, Personal Chair in Security Engineering, Computer Laboratory, University of Cambridge.

Ross Anderson was a pioneer and world leader in security engineering, and is distinguished for starting a number of new areas of research in hardware, software and systems.

His early work on how systems fail established a base of empirical evidence for building threat models for a wide range of applications from banking to healthcare.

Anderson made trailblazing contributions that helped establish a number of new research topics, including security usability, hardware tamper-resistance, information hiding, and the analysis of application programming interfaces.

[33][11] By agreement with the publisher [1], the third edition of Ross Anderson's book Security Engineering was made available for download at the Cambridge University archive in November 2024.