The guys who did the Multics penetration tests for the Air Force have
re-released it, with commentary on what 30 years has changed (and more
importantly, not changed). Most depressing quote:
Thus, systems that are weaker than Multics are consid-
ered for use in environments in excess of what even Mul-
tics could deliver without restructuring around a security
kernel. There really seem to be only four possible con-
clusions from this: either (1) today's systems are really
much more secure than we claim; (2) today's potential
attackers are much less capable or motivated; (3) the in-
formation being processed is much less valuable; or (4)
people are unwilling or unable to recognize the compel-
ling need to employ much better technical solutions.