Monday, May 19, 2008

Academia vs. professional researchers

Dave Aitel recently posted “Thinking Beyond the Ivory Towers”, an article I found really interesting. Dave has earned a reputation for being wicked smart, ninja level at zero-day vulnerability identification/exploitation, and unapologetic in his views on various controversial infosec subjects. I’ve had the pleasure of getting to hang out with him on occasion over the years and have always found his opinions to be extremely thought provoking. Most of all Dave’s a person that when he speaks, whether you tend to agree or disagree, you listen. So when Dave starts discussing the true practicality of automatic exploit generation from patches, I’m all ears.

The lead in and the ending kinda give you the tone of the middle. :)

“In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.”


...

"That's why people who write papers in LaTeX two-column format end up saying the sky has a high negative trajectory, while the rest of us wish they'd stop living in the clouds."

No comments: