Dailydave mailing list archives

Re: w00t 08


From: Jon Oberheide <jon () oberheide org>
Date: Sat, 02 Aug 2008 15:01:40 -0400

Having just gotten back from WOOT and being a self-loathing academic who
thinks that a significant portion of academic security research is
garbage, I have to both agree and disagree.

Yes, there is a huge gap between the public and private research
communities.  This division was very apparent at WOOT this year.  There
was a sea of blank stares and misguided questions during Charlie's JS
presentation and a bunch of confused faces when we were discussing
"Dowd-weeks" as a security assurance metric.  Simply put, if you want to
filter down the proceedings to the interesting presentations, a simple
`grep -v University` of the author institutions is sufficient.

But I disagree with the "in or out" approach.  WOOT certainly has a
difficult task: it only attracted a low 20-some submissions this year,
is scheduled right next to BH USA, and lacks any incentive for private
researchers to bring their work into the USENIX arena, just to name a
few of the problems.

However, if WOOT can narrow that gap between the public and private
communities ever so slightly (or even decrease the rate of the gap
widening), or convince 30-some academics that they are so far behind the
curve of offensive research, then I think it has achieved its goals.

Regards,
Jon Oberheide

On Fri, 2008-08-01 at 11:25 -0400, Dave Aitel wrote:
These are not the papers you're looking for.
http://www.usenix.org/event/woot08/tech/full_papers/

Seriously, there's nothing there to scare a network offense 
professional. I don't think it's w00t's fault, either. I think the 
research communities are diverging into public and private, as this 
research gets more expensive to do.

USENIX may not be the place for academic treatment of offensive security 
research. A friend of mine wonders if there's any future for academic 
treatment of the subject at all. He wonders wistfully of course, since 
he likes academia.

Anyways, either be scary or be silly. There's no middle ground here. 
It's a fundamental truth in this field: You're either in, or you're out.

- -dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
-- 
Jon Oberheide <jon () oberheide org>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

