Dear Readers,
It was only a matter of time until Peter G. Neumann would be a recipient of a "Test of Time" award at the Symposium on Security and Privacy, and 2025 was the year for it. He and his co-authors on a 2015 paper regarding their work on a hybrid capability model for a secure processor received the award at the conference in San Francisco. The other winner was also from 2015, and the subject of work was "machine unlearning". The security community has learned a lot from both papers.
In other news, I notice a lack of news. My perusal of the media is short on the usual round of reported vulnerabilities and attacks on various industry segments seems oddly thin. There is some news from NIST about a methodology for assessing "likelihood of exploitation", and the Federal law enforcement groups have, in concert with overseas counterparts, shut down some bad operators. It seems, though, that we may be losing situational awareness through news starvation.
Fight On, Harvard
Fight fiercely, Harvard
Fight, fight, fight
Take them to the legal floor.
Albeit they possess the might
Nonetheless we have the law.
Fight fiercely, science,
Fight, fight, fight
Let our methods find the truths
Albeit they possess the might
Nonetheless we have the proofs.
Fight fiercely, crypto,
Fight, fight, fight
Protect communication privacy,
Albeit they'll have quantum comp
But we'll be safe with PQC.
Fight, fight, fight
(And do fight fiercely, seriously).
(Apologies to the infinitely witty Tom Lehrer).