Cipher Issue 163, September 27, 2021, Editor's Letter

Dear Readers,

As we near the end of the year, we note that planning is well underway for the 2022 security research conferences sponsored by the Technical Committee on Security and Privacy. The deadline for papers for the flagship event, the Security and Privacy Symposium, is coming up December 2. After that, there will be three opportunities to submit papers for 2023.

The conferences altogether offer publication opportunities for thousands of high quality research papers. This is a remarkable growth rate and represents a huge increase in knowledge about all aspects of security and privacy. If you have a contribution, please consider submitting a paper to SecDev, HOST, S&P, EuroS&P, or CSF (see for links.

Computer security problems are like COVID-19. They emerge in new forms with distressing regularity, the cost of eliminating them is higher than society can bear, and it is a depressing fact that we have to live with bad things threatening us all the time. Computer security failures, though, kill few people, whereas the death toll in the US from COVID-19 is on track to be the most lethal event the country's history. Technology has been very good at invention but seems to let us down on protection and maintenance. There's no magic in the long term.

Snarky comment of the bimonth:
There's probably no better way to fail at solving a problem than by declaring a "war" on it. If we had declared war on the moon, we probably never would have put a spacecraft on it. Please don't declare war on software vulnerabilities!
      Hilarie Orman