I guess many will get the joke on the (undecidable) halting problem -- still, hackish or partial solutions can be attempted and will answer sometimes.
Coming back on the main topic: industry vs academia Being myself a mid-product, neither fully academic nor practical mind, i have a mitigated opinion. In the case of AEG, we are in presence of high quality formal research for a security problem. I understand why Sean is annoyed by a couple of disturbing claims that everyone already identified. Exploitation is much more than input-of-death generation (else we could say a fuzzer is almost a AEG system, which clearly it is not) Now, let me ask you: are the best security industry experts capable of such a formal development? Wouldn't their attempt be comparable to the (inverse) attempts of Brumley & al at stepping into the exploit world, in terms of short-comings and clumsy claims? I don't think the folks at CMU wanted to fool anyone, they were simply under-educated in the area of exploitation. Still I find the article they wrote very valuable (just as Sean's thesis is -- maybe more comparison with his work would have been welcome, both works are more academic than anything else after all). I do not see a reason to trash academia or even the authors themselves for having over-estimated the impact of their practical contribution. If industry or a academia is seeking for more respect or collaboration potential from the other side, we should all avoid giving head butts to each other and educate / be educated on what the other is better at. My 2c, Julien On Dec 11, 2010, at 19:00, Chris Eagle <[email protected]> wrote: > On 12/11/2010 1:22 PM, Fergie wrote: >> Something I used to tell my troops when I was in the Army ... Don't sit >> back in your area and bitch about something. Anyone can bitch. If you >> bring a problem to light, bring a potential solution as well... >> >> I don't mean that as harsh as it sounds when I read it back. I just mean to >> say that all of you smart folks who identify these problems can surely posit >> a solution to them.... > > So, there's this little problem I have where given a program to analyze, > all I want to know is whether it ever exits. Now having brought the > problem to light, I am afraid I have no solution, perhaps you can help? > > Sometimes the "solution" is to point out that there is no solution, or > that any potential solution is orders of magnitude more difficult than > one might expect. > _______________________________________________ > Dailydave mailing list > [email protected] > https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
