Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Thinking Beyond the Ivory Towers
Dave Aitel, 2008-05-15

In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

Comments Mode:
Thinking Beyond the Ivory Towers 2008-05-15
Anonymous
Excellent piece, Dave. The sky is always falling these days and Chicken Little has a loud voice as always.
Also, isn't it funny how the word shibboleth is a shibboleth in and of itself?...

[ more ]  [ reply ]
Thinking Beyond the Ivory Towers 2008-05-16
Stephen L (1 replies)
"If you've listened to Halvar Flake at BlackHat for the past six years, this will sound eerily familiar." As a regular attendee of BlackHat, I don't recall Halvar Flake ever even discussing the possibility of automatically generating PoCs from patches, let alone fleshing the idea out, implementing ...

[ more ]  [ reply ]
Re: Thinking Beyond the Ivory Towers 2008-07-07
Halvar
Reference:

http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vega
s-V7-Halvar_Flake-Need_New_Tools.mp4

Starts at minute 27, Challenge #5. Describes generating equation systems from program paths and feeding them to a SAT solver to be solved (which is roughly what APEG does).

This is j...

[ more ]  [ reply ]
To be fair... 2008-05-22
Anonymous
To be fair to the APEG guys, Halvar Flake actually called their work impressive. I would tend to suspect most of their concern about the sky falling relates more to a desire for publicity than anything else....

[ more ]  [ reply ]
Thinking Beyond the Ivory Towers 2008-05-24
Anonymous
Mr. Aitel,

Thanks for writing this article. I wholly agree with just about everything you said in it!

A lot of academics are just bullshit. Look at the profs at MIT who do research in security. They're terrible!...

[ more ]  [ reply ]
Thinking Beyond the Ivory Towers 2008-05-26
Anonymous
By drawing sweeping conclusions about the academic community from one paper, the author does exactly what he accuses the entire academic community of....

[ more ]  [ reply ]
Thinking Beyond the Ivory Towers 2008-05-27
Anonymous
I think the communication gap may be even greater than you imply, since I think you misunderstand (at least part of) their paper when you say:

"[Attackers] don't repeatedly launch attacks and hope that luck is on their side. You rarely get the chance to run your exploit twice these days."

If t...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus