Jan 01 2009
“Much of the tech world is obsessed with engaging in macho pissing contests, but no part more so than computer security. In the case of yesterday’s announcement, the researchers in question were more concerned with their ability to present their findings at a popular hacker conference than with guaranteeing the safety of the Internet. Why else would they put the organizations they disclosed their findings to under NDA and not consult the authorities on the most widely-deployed SSL implementations? Building reputations and managing PR is the order of the day. This culture of one-upsmanship doesn’t mean that computer security is a stagnant discipline. It does, however, mean that the people who choose a path of humility about their work don’t get the rewards – financial and otherwise – that they deserve. This is a shame, and it’s to the detriment of digital security as a whole. My coworker suggested that an academic, peer-reviewed approach to security research would ultimately be more beneficial to the Internet community as a whole. I don’t have the authority to comment, but I do feel that most anything else would be an improvement on the traveling hacker conference circus we have today.”