Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
Generally I just ignore misunderstandings of my work, but here it's mis-used at the very start of section 1 to frame a research problem in a way that's the opposite of what I say.
-
Generally I just ignore misunderstandings of my work, but here it's mis-used at the very start of section 1 to frame a research problem in a way that's the opposite of what I say.
@adamshostack it seems an indication of a fundamental mistake in research. Which seems fundamental to the purpose of a dissertation. I might try and reach out to the author rather than the professor.
And definitely subtoot
-
@adamshostack it seems an indication of a fundamental mistake in research. Which seems fundamental to the purpose of a dissertation. I might try and reach out to the author rather than the professor.
And definitely subtoot
@petrillic @adamshostack +1 on the author. Then again, this is something the professor should have definitely catched ...
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
@adamshostack If the dissertation has been accepted, the cow is out of the barn. At MOST, I would collegially reach out to the author and inform them of the misinterpretation. If, as is often the case, they extend their research, they may have an opportunity to correct . Contacting anyone on their committee is the last thing I would do - the onus was on them to know whether the work they are supervising is correct in this regard. (I am NOT a Ph.D-haver, so...)
-
@adamshostack If the dissertation has been accepted, the cow is out of the barn. At MOST, I would collegially reach out to the author and inform them of the misinterpretation. If, as is often the case, they extend their research, they may have an opportunity to correct . Contacting anyone on their committee is the last thing I would do - the onus was on them to know whether the work they are supervising is correct in this regard. (I am NOT a Ph.D-haver, so...)
@walshman23 right. It's both out of the bag, and represents a failure of the supervision process...
It's not subtle either. What I say:
Focusing on Assets
It seems very natural to center your approach on assets, or things of value.
After all, if a thing has no value, why worry about how someone might attack it? It turns out that focusing on assets is less useful than you may hope, and is therefore not the best approach to threat modeling. -
Generally I just ignore misunderstandings of my work, but here it's mis-used at the very start of section 1 to frame a research problem in a way that's the opposite of what I say.
@adamshostack Sounds kinda, idk, like an LLM wrote it
-
@adamshostack Sounds kinda, idk, like an LLM wrote it
@wendynather Couldn't be! My books predate LLMs!
-
@wendynather Couldn't be! My books predate LLMs!
-
@wendynather Couldn't be! My books predate LLMs!
@adamshostack The dissertation, silly, not your magnum opus
-
Generally I just ignore misunderstandings of my work, but here it's mis-used at the very start of section 1 to frame a research problem in a way that's the opposite of what I say.
i'd say leave this to their thesis advisors. one of the advidor's jobs is to point out flawed starting assumptions and guide the PhD candidate into more solid footing.
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
@adamshostack +1 on letting the author know first. Iβd be honored by the contact and grateful for the correction.
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
@adamshostack No reason you canβt do both. Better β phrase the subtweet as a poll for maximum engagement!
-
@adamshostack No reason you canβt do both. Better β phrase the subtweet as a poll for maximum engagement!
@adamshostack @darthnull write the name down, put it in your phone's contacts, and 10 years from now when a special someone tries to interview for Shostack & Associates, have the thesis paper ready.
-
Academic friends, if a PhD thesis starts with a factually wrong representation of your work, do you
Thesis: "Asset-based modelling in particular has been shown to be advantageous in a number of respects (Shostack (2014)), including its capacity for conducting automated reasoning over a threat knowledge base."
In fact, I say something on the order of: "This is presented to explain why you shouldn't do it."
@adamshostack a subset of the population seems always determined to interpret cautionary tales as instruction manuals
-
R relay@relay.infosec.exchange shared this topic
