So this week I’m off to Metricon and Usenix Security. Many of my co-workers are off (to present an entire track) at Blackhat. What I find really interesting is that there are these two separate streams of security research, one academic and one hacker, in the most positive sense of the word. Both have produced excellent research. Both have their own forums, conferences, journals and jargon. Both have strong traditions of acknowledging the work you build on. “What’s new about this?” is a fair question in both communities. Sometimes, that question crosses the boundary.
See, for example, the 4th comment on “Ignoring the ‘Great Firewall of China’,” where Bill Xia complains that “I explained this mechanism in 5th HOPE conference” and then adds in a burst of honesty, “Sorry the slides are hard to read without the video presentation.”
These two streams of research are so separate that I’ve heard few complaints that the two conferences are overlapping. That’s a shame, because there’s good work being done in both of them. The highly practical orientation of the hackers finds real flaws. Ideally, that would dovetail with the theoretical underpinnings that the academic community has.
The picture, of course, is from Ghostbusters.