Given their attitude, it's unlikely they'll get it right. They'll keep telling people "that's not a real attack" and making up excuses. Then someone will publish a real attack, and they'll patch over it. Repeat.
The "smugness" is pointing out problems in their implementation, despite them going on about having "ACM champions" that took two years to design it, so it obviously must be perfect.
If someone pitched a database that simply mmap'd a file and then called it "fully transactional and safe", they'd get a lot of strong criticism.
I am with you. ACM Champions mean a shit to me, and I have enough publications in crypto and secure communication to claim that I am a ACM Champion, and BTW I have a PHD actually related to security and crypto. But, NONE of my credentials is a valid argument about how secure my protocols are.
This kind of attitude (trust us, we have enough credentials to show) seems to be a universal problem with people in academics. Come on, don't do this. We all get the sense that you have to bluff to get your paper published, but this is not going to work for a product to be accepted.
The "smugness" is pointing out problems in their implementation, despite them going on about having "ACM champions" that took two years to design it, so it obviously must be perfect.
If someone pitched a database that simply mmap'd a file and then called it "fully transactional and safe", they'd get a lot of strong criticism.