Thinking Beyond the Ivory Towers

Thinking Beyond the Ivory Towers
Dave Aitel, 2008-05-15

In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

Expand all | Post comment

Thinking Beyond the Ivory Towers 2008-05-15
Anonymous

Thinking Beyond the Ivory Towers 2008-05-16
Stephen L (1 replies)

Re: Thinking Beyond the Ivory Towers 2008-07-07
Halvar

To be fair... 2008-05-22
Anonymous

Thinking Beyond the Ivory Towers 2008-05-24
Anonymous

Thinking Beyond the Ivory Towers 2008-05-26
Anonymous

Thinking Beyond the Ivory Towers 2008-05-27
Anonymous

I think the communication gap may be even greater than you imply, since I think you misunderstand (at least part of) their paper when you say:

"[Attackers] don't repeatedly launch attacks and hope that luck is on their side. You rarely get the chance to run your exploit twice these days."

If the issue is an attack on a specific system or network, I agree with you. But attacks with broad targets (e.g., zombie recruitment, credit card or other sniffing on personal computers) *do* get multiple chances to work, just maybe not on the same computer.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/472/35063#35063