March 29, 2001, 4:06 PM —
I don't attend very many conferences, mostly because I have to cover the expense myself. However, the 9th Annual Usenix Security Symposium held this past August in Denver looked too good to miss.
I wasn't disappointed. In fact, I wondered why I'd waited so long to attend a Usenix conference. It was probably because I felt that I could just read the research papers instead of actually attending, but that's like shunning a concert with backstage passes because you can buy a CD. There's so much more to the live conference than the purely technical presentations.
This article describes my view of the conference -- it's by no means a complete picture, as it's impossible for one person to attend every talk. For a complete review of the conference, I urge you to get the November 2000 issue of ;login magazine (a publication of Usenix and SAGE).
Dr. Blaine Burnham presented an interesting keynote address, "Design Principles of Simplicity." "Why do buffer overflow attacks still work?" he wondered. He went on to stress that security should not be an add-on. In some ways, Dr. Burnham was preaching to the choir. I know several managers and developers who refuse to accept that security needs to be designed into the architecture from the start.
As an example to illustrate his point, he referred to weeds indigenous to the American Southwest known as goatheads. These nasty little weeds produce spiked seeds that are the bane of bicyclists. Dr. Burnham pointed out that experienced cyclists quickly learned to take countermeasures to protect their tires. Why hasn't the software industry learned to take appropriate countermeasures that protect systems before they're flattened? he asked. Security must be designed into the system, not added on later.