November 2009
The conference I'm at, CCS 2009, is scheduled to wrap up a little later today. It's been a great conference so far, and I've fully enjoyed attending it. But it occurred to me that this is the fifth major computer-security conference I've attended, and that there are some big differences between them. As a service to students and young researchers, therefore, I'd like to present a very personal and biased overview and comparison of major security conferences so that readers can decide which ones are the best uses of their travel budgets.
The always interesting Jon Katz has recently posted a number of thought-provoking articles on the state of computer-security research and some problems therein. (See here and the follow-up here.) I have my own thoughts on the general issue (which I will post about later) but wanted to quickly reply to one particular suggestion from the comments: that we don't need journals, or at least we don't need paper journals.
In reply, I would like to state as clearly and as emphatically as I can: we need paper journals. Why? Because we are not the end of history.
