

An open letter to the security community - steveklabnik
http://alexgaynor.net/2013/aug/03/open-letter-security-community/

======
marshray
As an attendee at Defcon right now I agree with you, it is a rather hostile
group.

> Invites to parties being handed out to male speakers and not female speakers

My guess is this was a result of an oddball selection process rather than
anti-female bias. I have never seen a party at Defcon that didn't already have a
huge surplus of males.

> Women stripping being used as a prize in hacker jeopardy

> Jeopardy game features the category "hot pussy"

> Objectifying content on slides

I find this whole Las Vegas scene to be gross. Most indoor places stink like
cigarette smoke.

Nevertheless, let's not take Defcon and other Jeff Moss/Dark Tangent
productions as representative of the "security community". There are a great
many other people in security who go out of their way to be welcoming and
respectful.

> Hacking devices of new users at conferences is considered completely
> acceptable

This is well known. One of the functions of Defcon is as an exploit/malware
trading market.

> I can only conclude you don't want to be welcoming to new users.

Should they be? It's a place for amateur hackers, pros, double agents, Feds,
and internationals to gather in the same place for a few days with a tacit
understanding of some relaxed rules. It's a once-a-year opportunity for many
attendees but it's not for everyone.

------
americorn
This should be directed at the convention instead of the entire security
community.

------
munin
this is probably not the best argument, because DEFCON has been this way since
the beginning (I have been to a lot of them) and the security community as a
whole has never really been accepting, forgiving, or inclusive.

so when you make a post that says "your community stinks and I won't be a part
of it", the majority response will be "good, we didn't want you anyway".

maybe you could point out that the community loses a lot of potentially
awesome contributors by being so exclusive, but the community will be quick to
point out the large number of awesome contributors they already have, and how
those contributors themselves are prickly, women-hating and exclusionary, and
they'll be right.

in short, I don't know what you can do as an outsider beyond ignore it. as an
insider, those in the community who agree with you are in the minority, and
generally disinterested in engaging with the majority of the community because
they are terrible (and also generally quite stupid). I don't really have a
long-term interest in being associated with the security community, and am not
at DEFCON this year for that reason.

it's a weird, insular and perverted thing that has marginal societal good. the
societal good that comes out of computer security is often not connected to
what you conceive of as "the security community", but rather professional
researchers and engineers that work for universities and major corporations.
so, my advice is, ignore the "security community". it will die. let it die.

------
revelation
This is like ranting at a beehive. The security community is not the
homogenous, closed group this poster seems to assume.

------
tinco
The issues with sexism are terrible indeed, organizers should be ashamed of
allowing such things to happen.

But the thing with hacking devices... that's exactly what makes the security
conferences so awesome. I've been wanting to go to a real security conference
since I was 12 because of things like that. You say it scares away new users,
I say it draws them in.

Complaining about people breaking into your phone, what are you doing at a
security conference anyway? Last time I checked the site of a security
conference it had a detailed guide on how to prevent this from happening to
you.

It would be a terrible thing if the baby was thrown out with the bathwater.

