The IEEE Security and Privacy Symposium was held this month, and it was a very successful meeting by all measures. Attendance was up, paper submissions were up, the weather was beautiful, and it was good to see so many faces, both familiar and new.
During one break at the conference I described my experience in perusing the website of a software vendor whose software vulnerability to a worm was the subject of several recent news stories (these seem time to coincide with Cipher issues, just so I will have something to mention in the editor's letter). After spending 30 minutes at the vendor's website, I was no wiser than when I started as to whether or not my machines might be susceptible and what the risks of applying the patch might be. Everyone I talked to said they applied the critical patches without question, having given up on understanding them several years ago. The gap between theory and practice inexorably widens.
In the March Cipher issue, which came out very shortly after the terrorist bombings in Spain, I offered condolences to our Spanish readers. I was reminded by another reader about how widespread the victims of terrorism are, and in the subsequent weeks, it seems that each day has brought a fresh reason for mourning. As security researchers we are united in our desire to protect computer systems, and I hope that through our work we also contribute to protecting lives.
We are at the height of conference season, and I hope some of you will take a few moments to enlighten us with impressions from the numerous workshops and conferences through the summer and fall. News reports from government and standards bodies and announcements of support for computer security research are also good material to contribute to Cipher. In this issue we have a report from two IETF members about revisions to the Extensible Authentication Protocol (EAP), and I hope have more such reports in the future.
I am grateful to all our contributors for helping to make Cipher relevant and timely.
May the worm be not with you,
cipher-editor @ ieee-security.org