Thursday, December 20, 2007

Spaf on Academic Security Research (... Silliness)

Spaf also laments academic security research. He says: "As I write this, I’m sitting in a review of some university research in cybersecurity. [...] What strikes me about these efforts — representative of efforts by hundreds of people over decades, and the expenditure of perhaps hundreds of millions of dollars — is that the vast majority of these efforts have been applied to problems we already know how to solve."

Hell yeah!!! More people want to invent NIDS, honeypots and secure OS than I care to see. Why? WHY? W-H-Y? There are so many worthwhile security problems that will benefit from a rigorous academic approach, but people still pick their research topics off the dirt pile ... Take security economics, for example.

Possibly related posts:

2 comments:

Andy Steingruebl said...

You lost me...

Was "Security Economics" something that should or should not be researched more? Seems to me that some of the better applicable research being done on actually making improvements in security are coming from the metrics and economics crowds... or do you disagree?

Anton Chuvakin said...

Sorry for the confusion! I think it SHOULD be researches more by BOTH security and economics crowds....

Dr Anton Chuvakin