Closure Thoughts Hoisted to Posts

Academic Security Conferences

In my experience, a lot of the non-academics in the security research community aren’t nearly as familiar with which academic conferences are notable, so here they are. These conferences are not structured like many “industry” conferences. Instead, these conferences consist of presentations of peer-reviewed academic papers that were submitted to and peer-reviewed by the conference’s publication committee (PC). Security Conferences This is a rundown of the “big four” top-tier academic conferences in computer security.

On Branded Vulnerabilities

An article has been going around the Internet recently, arguing that branded vulnerabilities are no longer helping application security and have instead become an instance of the “boy who cried wolf” phenomenon. The Badlock bug is a textbook example of over-hyping vulnerabilities for marketing purposes rather than for promoting good security hygiene. The disclosing team’s dubious motivations have been written about extensively over the last several weeks, and “thought leaders” are currently mocking the badlock hashtag on Twitter, including a full-blown parody bug called Sadlock.