[personal profile] yesthattom
Microsoft is reaping the benefit of taking security seriously by using a plan of attack that I wrote a paper about in early 2002. I’m not saying they stole it; I’m saying that it was obvious enough that they came up with it too. The paper never saw the light of day because I submitted it to the Usenix Security Conference and it was rejected.

I wish I had the rejection letter. The committee’s feedback was that they couldn’t see how it would be useful (but I can’t remember the exact words they used).

This morning I spent some time searching my old email archives and it looks like I deleted everything older than 2004. Ugh.

Is it too egotistical to think that if the paper had been accepted at the conference then this might be called “The Limoncelli Model” and others would have used it?

(and like a fool, I didn’t think to include this material in the next edition of The Practice of System and Network Administration!)

Date: 2007-09-21 05:04 pm (UTC)
From: [identity profile] gerardp.livejournal.com
You're ahead of your time ...

Date: 2007-09-21 08:26 pm (UTC)
From: [identity profile] dieppe.livejournal.com
Ahhhh.. include it in a Tuesday bugfix release! ;)

Date: 2007-09-22 06:05 pm (UTC)
From: [identity profile] awfief.livejournal.com
Of course it wasn't useful. You wrote the paper in early 2002, and yet the Slashdot article and the Computerworld article to which it refers speak of "the new Security Development Lifecycle implemented in development practices nearly six years ago."

Nearly 6 years ago = early 2002. You probably would have had your ass sued by Microsoft and in jail for being part of a security leak.

:) Does that help with the bitterness you're feeling?

I'm actually kind of surprised, since usually you say things like "I came up with that years ago, everyone ignored me!" but are glad that your idea is in place now. Are you wishing that it was named after you or used? Not that they're exclusive, but.....

You're still *my* hero, by the way. And I think that many conference committees end up regretting about half the papers they accept *and* reject. :-\ Doesn't help your pain. *HUGS*

Date: 2007-09-22 06:34 pm (UTC)
From: [identity profile] yesthattom.livejournal.com
It's not so much that I wanted it named after me. I don't think they saw the draft; they came up with it on their own... it's pretty obvious if you think hard about the problem. I really wish it had been published so that other companies could have considered it. Now companies will be adopting it, 5 years late, and claiming to copy a MS best practice.
