Spaf also laments academic security research. He says: "As I write this, I’m sitting in a review of some university research in cybersecurity. [...] What strikes me about these efforts — representative of efforts by hundreds of people over decades, and the expenditure of perhaps hundreds of millions of dollars — is that the vast majority of these efforts have been applied to problems we already know how to solve."
Hell yeah!!! More people want to invent NIDS, honeypots and secure OS than I care to see. Why? WHY? W-H-Y? There are so many worthwhile security problems that will benefit from a rigorous academic approach, but people still pick their research topics off the dirt pile ... Take security economics, for example.
Possibly related posts: