Shostack + Friends Blog Archive

 

Don’t Cross the Streams?

So this week I’m off to Metricon [link to https://securitymetrics.org/content/Wiki.jsp?page=Metricon1.0 no longer works] and Usenix Security [link to http://www.usenix.com/events/sec06/ no longer works]. Many of my co-workers are off (to present an entire track) at Blackhat. What I find really interesting is that there are these two separate streams of security research, one academic and one hacker, in the most positive sense of the word. Both have produced excellent research. Both have their own forums, conferences, journals and jargon. Both have strong traditions of acknowledging the work you build on. “What’s new about this?” is a fair question in both communities. Sometimes, that question crosses the boundary.

See, for example, the 4th comment on “Ignoring the ‘Great Firewall of China’,” where Bill Xia complains that “I explained this mechanism in 5th HOPE conference” and then adds in a burst of honesty, “Sorry the slides are hard to read without the video presentation.”

These two streams of research are so separate that I’ve heard few complaints that the two conferences are overlapping. That’s a shame, because there’s good work being done in both of them. The highly practical orientation of the hackers finds real flaws. Ideally, that would dovetail with the theoretical underpinnings that the academic community has.

The picture, of course, is from Ghostbusters.

One comment on "Don’t Cross the Streams?"

  • David Molnar says:

    Well, some of us are heading to DEF CON after Usenix Security. No, it’s not Black Hat…but it is a lot cheaper. 😉
    There’s a similar-but-different story with cryptographers and computer security people, too — less direct duplication, more looking at the same problem in two different ways.
