Sadly, this is the case at many major CS research universities. I'm working on my Master's in Cybersecurity at one of these universities and most of the papers we read are something the professor co-authored in '08 or '09. Network security, and most security classes in general, are being taught 15 year old material.
> † The network security course taught at major CS research universities was written at one place like 10 years ago and shared and handed down from semester to semester; I assume something similar happens here.
This couldn't ring more true, in my experience. Whats worse is that each year the material is lightly modified so that you're also dealing with 10 years of revisions creating an incoherent mess.
I’m speculating here but perhaps one factor that adds to this situation is that people who are good at the stuff taught in this course, and have skills that are up to date, will earn lots more working for a FAANG than in academia.
> † The network security course taught at major CS research universities was written at one place like 10 years ago and shared and handed down from semester to semester; I assume something similar happens here.
This couldn't ring more true, in my experience. Whats worse is that each year the material is lightly modified so that you're also dealing with 10 years of revisions creating an incoherent mess.