Dailydave mailing list archives
Re: w00t 08
From: Jon Oberheide <jon () oberheide org>
Date: Sat, 02 Aug 2008 15:01:40 -0400
Having just gotten back from WOOT and being a self-loathing academic who thinks that a significant portion of academic security research is garbage, I have to both agree and disagree.

Yes, there is a huge gap between the public and private research communities. This division was very apparent at WOOT this year. There was a sea of blank stares and misguided questions during Charlie's JS presentation and a bunch of confused faces when we were discussing "Dowd-weeks" as a security assurance metric. Simply put, if you want to filter down the proceedings to the interesting presentations, a simple `grep -v University` of the author institutions is sufficient.

But I disagree with the "in or out" approach. WOOT certainly has a difficult task: it only attracted a low 20-some submissions this year, is scheduled right next to BH USA, and lacks any incentive for private researchers to bring their work into the USENIX arena, just to name a few of the problems. However, if WOOT can narrow that gap between the public and private communities ever so slightly (or even decrease the rate of the gap widening), or convince 30-some academics that they are so far behind the curve of offensive research, then I think it has achieved its goals.

Regards,
Jon Oberheide

On Fri, 2008-08-01 at 11:25 -0400, Dave Aitel wrote:
These are not the papers you're looking for.

http://www.usenix.org/event/woot08/tech/full_papers/

Seriously, there's nothing there to scare a network offense professional. I don't think it's w00t's fault, either. I think the research communities are diverging into public and private, as this research gets more expensive to do. USENIX may not be the place for academic treatment of offensive security research. A friend of mine wonders if there's any future for academic treatment of the subject at all. He wonders wistfully of course, since he likes academia.

Anyways, either be scary or be silly. There's no middle ground here. It's a fundamental truth in this field: You're either in, or you're out.

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
--
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE