In 2021, researchers from the University of Minnesota submitted a paper to the conference where they tried to introduce bugs into the Linux kernel, a widely-used operating system component without Institutional Review Board (IRB) approval.
The conference was initially conceived by researchers Stan Ames and George Davida in 1980 as a small workshop for discussing computer security and privacy.
Held initially at Claremont Resort, the first few iterations of the event witnessed a division between cryptographers and systems security researchers.
[4] In response, subsequent iterations of the conference integrated panels that encompassed both cryptography and systems security discussions within the same sessions.
Over time, the conference's attendance grew, leading to a relocation to San Francisco in 2011 due to venue capacity limitations.
Every year, a list of topics of interest is published by the program chairs of the conference which changes based on the trends in the field.
This approach deviates from the multi-track format commonly used in other security and privacy conferences, where multiple sessions on different topics run concurrently.
Nine reviewers also emphasized the importance of technical soundness in the implementation, while seven mentioned the need for a self-contained and complete evaluation, ensuring all identified areas were thoroughly explored.
[2] In 2021, researchers from the University of Minnesota submitted a paper titled "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits"[8] to the 42nd iteration of a conference.
[14] The fourth patch was merged, however, during a subsequent investigation it was found that the researchers had misunderstood the way the code worked and had submitted a valid fix.