For CSE 484 / CSE M 584 this year, we will use a forum in our exploration of the broader contextual issues surrounding computer security. In past years we used a blog. Please familiarize yourself with this post from 2007; it explains some of the reasons why we originally used a blog for CSE 484 / CSE M 584. In short, the blog was designed to be a vehicle for proactively developing "The Security Mindset." Class participants posted blog entries analyzing the security of existing products and reflecting on current events, and used the blog's comment feature to engage in conversations with others. However, one of the big downsides with the blog is that it really wasn't as interactive as one might want. That's why we switched to a forum last year and will continue to use a forum this year.
They say that one of the best ways to learn a foreign language is to immerse yourself in it. If you want to learn French, move to France. The forum is designed to immerse you in the security culture and to force you to think about security on a regular basis, such as when you're reading news articles, talking with friends about current events, or when you're reading the description of a new product on Slashdot. Thinking about security will no longer be a chore relegated to the time you spend in lecture, on assigned readings, on textbook assignments, or on labs. You may even start thinking about security while you're out walking your dog, in the shower, or at a movie. In short, you will be developing "The Security Mindset" and will start thinking like a seasoned security professional.
It is also extremely important for a computer security practitioner (and actually all computer scientists) to be aware of the broader contextual issues surrounding technology. Technologies don't exist in isolation, rather they are but one small aspect of a larger ecosystem consisting of people, ethics, cultural differences, politics, law, and so on. The forum will give you an opportunity to discuss and explore these "bigger picture" issues as they relate to security. As an added bonus, the forum will also give you an opportunity to exercise your writing and critical thinking skills in a cooperative learning environment with your peers.
Your article should: (1) summarize the current event; (2) discuss why the current event arose; (3) reflect on what could have been done different prior to the event arising (to perhaps prevent, deter, or change the consequences of the event ); (4) describe the broader issues surrounding the current event (e.g., ethical issues, societal issues); (5) propose possible reactions to the current event (e.g., how the public, policy makers, corporations, the media, or others should respond).
Your chosen current event should not be the same as a previous current event article discussed in the forum.
There are some examples of past current event articles here. (You might have to scroll down a bit.)
It's OK if two articles review the same technology, say the Miracle Foo. But if you're the second reviewer of the Miracle Foo, you need to: (1) explicitly reference the earlier articles; (2) provide new technical contribution; (3) don't waste space repeating what the previous review said. (3) is important since you are all required read this forum, and it's not fair to ask your fellow students to spend time re-reading previously-posted material. For (2), new technical contributions might include: a new perspective on the risks; a new potential attack vector; or a new defensive mechanism.
Each security review should contain:
You will receive extra credit for posting current events and security reviews early. Each current event and each security review post is worth 12 points. If you submit your first security review in the 4th week of the quarter, it will get 1 extra credit point, if you submit it in the 3rd week of the quarter it will get 2 extra credit points, and so on. The same extra credit strategy applies to the current event articles.
Of course, there's another reason to post early: this course is quite demanding and we suspect you'll only get busier as as the quarter progresses. Plus, remember that each current events article must discuss an event that was not previously discussed on the forum. This means that the earlier you post your current event article, the easier task you'll have at finding an interesting event to discuss.
Current event and security review submissions cannot be late -- the course late policy does not apply to these assignments.
First, you should submit each to the forum. Note that you can pick a pseudonym for the forum, if you wish (but course staff will still be able to map from your real identities to your pseudonym). You don't need to include your name(s) in the forum post, though you are also welcome to if you wish.
Second, save a copy of your current event article or security review in PDF form (e.g., print to PDF on a Mac) and upload the PDF to the course Catalyst submission system. If you work with someone else on your current events article or security review, then only one of you should upload the PDF to the course submission server. However, make sure that the names of all contributors are at the top of the first page of the PDF. This process will facilitate our ability to grade the current event articles and security reviews (e.g., batch printing of PDFs).