Re: Automatic Exploitation Paper Peer Review

[William Arbaugh <warbaugh () gmail com>]

> >
> Call me cynical but....

A tad bit - yes.

> If it has serious commercial potential, academics may be doing the 
> research, but saving the results for their side/spinout companies.

I disagree. At UMD, we moved research out to a spinout (Komoku). We also moved research from the spinout back into UMD 
(Nick Petroni's thesis). Nick formalized and extended the work we were doing at Komoku to automatically identify 
semantic integrity invariants via source code analysis. At Komoku, we were finding memory invariants via winbag and 
ad-hoc (but fruitful) methods.

I think you may find the same situation at GaTech with Wenke Lee and Damballa. Wenke published a fair amount prior to 
Denballa, and he still is.

> The really interesting research (or least the well funded-research) gets 
> funded by DoD, with classified results, and never gets published.

This is changing slowly. DARPA is now starting to fund interesting unclassified research, e.g. CINDER and ADAMS. Doug 
Maughan at DHS has always funded interesting unclassified research. NSF has always funded interesting things as well.


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave