This past week I discovered that an article I submitted to the Information Systems Security Association (ISSA) Journal had been selected for publication, and made the cover. Although I am part of the editorial board (the shark tank, as we call it), I submitted it anonymously, and made the cut. Needless to say, I was thrilled.
The article was about medical device security, and I have a Google Alert set up for medical device security. The day after my article was published, I saw a Google Alert that pointed to an article with a similar title. My article is called "Oh, Hackable You!" and the similarly titled article was "The Hackable You." Interesting.
When I went to the website, I realized that the author of the article had, quite literally, completely plagiarized my article. He changed the introduction a bit, copied and pasted the entire rest of the article WORD FOR WORD, and then changed the conclusion a bit. It was obvious and willful fraud, and I was livid.
I immediately posted this on my Twitter feed, and what happened next truly reminded me why I absolutely love working with the information security community. My dear friend Travis Goodspeed (who has over 2700 followers) re-tweeted it and then embarked on a quest to find out more about this person, who, as it turns out, is a serial plagiarist. He quickly discovered that dozens of members of the infosec world had been plagiarized by this person, and let them all know that this had happened, which unleashed a Twitter storm like nothing I had ever witnessed. Within hours the organization he works for had pulled the blog, issued a public apology, and called me (and at least one of the other writers) and personally apologized for the incident(s).
What amazes me about the information security community is that it has evolved into a very tight brotherhood, independent of any "official" regulatory body. Every member of the community is charged with the duty of policing even other member, and NOBODY gets a pass go. Anyone who tries to enter the infosec world and attempt to sell snake oil is immediately smacked down by the community. It took me years of hard work to get to the point in my career where the community accepted me as one of their own, and I have to say that I am completely overwhelmed by the support, and knowledge that by brothers (and sisters) in the information security world are there for me...and I for them.