From: Amit Klein (aksecuritygmail.com)
Date: Wed May 23 2007 - 06:27:17 CDT
Arian J. Evans wrote:
> On 5/22/07, *Amit Klein* <aksecuritygmail.com
> <mailto:aksecuritygmail.com>> wrote:
> Fair enough. Still, I expect at least the websecurity mailing list to
> give credit where credit is due...
> Hmm, good point, No argument, but...as we see more of this
> character encoding set awareness I wonder:
> 1. Where do you draw the line on what is "new"?
The way I see it, and I think it addresses the rest of your points (in
your original email) is that the researcher should attempt to find the
most similar/relevant prior art, and then discuss how (if at all...)
his/her findings differ. This provides the public with:
- Acknowledgment (and credit) of prior art
- Explanation of what is "really" new

So if, say, the web-app-sec researcher applies techniques from the AV
world to the web-app-sec world, he/she should credit the AV prior-art,
and explain that those techniques are applied in the paper to the
web-app-sec world, with the twists X, Y and Z.

Or you can say something like: In this research I combine evasion
techniques A (credit to...), B (credit to...) and C (credit to...) to
bypass system X.

By subscribing to this scheme, the author makes it much easier to
evaluate his/her paper. The author does most of the work (finding prior
art, comparing their findings to prior art), and the readers judge
whether this is new enough/interesting.

As for research in non-English languages - that's where *I* draw the
line. I assume that everyone can (and should) read English nowadays, and
I do not expect anyone to be aware of non-English prior art. However, if
such prior art becomes known to the author, it's his/her duty to credit
the authors of such text, of course.

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/