Security conferences are important venues at which academics and practitioners share knowledge about new attacks and state-of-the-art defenses. Despite this, researchers have not studied who shares information and about which security topics. To address this, our study characterizes the speakers, sponsors, and topics presented at the most prestigious academic and industry conferences. We collect a longitudinal data set that contains 9,728 abstracts and 1,686 sponsors across 4 academic and 6 industry conferences. There is limited knowledge sharing between industry and academia. Conferences vary significantly in how equally talks and authorship are distributed across individuals. The topics of academic and industry abstracts display consistent coverage of techniques within the MITRE ATT&CK framework. Top-tier academic conferences, as well as DEFCON and Black Hat, inconsistently address the governance, response, and recovery functions of the NIST Cybersecurity Framework. Commercial InfoSec and insurance conferences (RSA, Gartner, Advisen, and NetDiligence) cover the framework more consistently. Prevention and detection remain the most common topics of talks, with no clear temporal trend.