Last December, I defended my PhD at the University of Michigan. At the time, I’d been in grad school for four and a half years, and I’d been working with my research group for another year before that. I also went to Michigan for undergrad, so I’ve been living in Ann Arbor for nearly nine years. Why did I do this? Before I go on, I want to say a few things up front.
In my experience, a lot of the non-academics in the security research community aren’t nearly as familiar with which academic conferences are notable, so here they are. These conferences are not structured like many “industry” conferences. Instead, these conferences consist of presentations of peer-reviewed academic papers that were submitted to and peer-reviewed by the conference’s publication committee (PC). Security Conferences This is a rundown of the “big four” top-tier academic conferences in computer security.
An article has been going around the Internet recently, arguing that branded vulnerabilities are no longer helping application security and have instead become an instance of the “boy who cried wolf” phenomenon. The Badlock bug is a textbook example of over-hyping vulnerabilities for marketing purposes rather than for promoting good security hygiene. The disclosing team’s dubious motivations have been written about extensively over the last several weeks, and “thought leaders” are currently mocking the badlock hashtag on Twitter, including a full-blown parody bug called Sadlock.