Disagree on Spectre and Meltdown; Jann Horn and Paul Kocher were not infosec academia and were the first discoverers (academia reverse engineered from Linux changes); AFL forks: Not sure whether stringent evaluation will confirm the "more effective" claim. Agreed on Nexmon & RH.

I am not academia either.

So lots of bad papers come out of infosec academia, but certainly, there is a lot of good stuff coming from academia. With the exception of Spectre/Meltdown, the side channel space is completely dominated by academia. CFI started in academia. etc.

CFI didn't start in academia but with yours truly ;). hint: pax-future.txt

I should have guessed that. Apologies.

Many things are discovered multiple times It happens so often that me or my colleagues have a brilliant idea and just in the search for related work discover that someone already had this idea, often under a different terminology. And I consider it a good sign to have ideas that

and what do you do with those discovered related works? bury them and never ever mention them in your own work or give proper credit? as a sidenote, the CCS05 CFI paper references my other work (ASLR), *except* the one that made their work not novel.

Cite it. Kind of stupid or passive aggressive question ;)

thanks for playing, it was neither :). you just shamed pretty much the entire academic CFI crowed.

I disagree on that part. You assume things you cannot know, that is someone being aware of a specific work maliciously avoids citing it for whatever reasons. And additionally, as this went through peer review, that the reviewers were fine with this. [1/2]