As researchers with scientific training in fields that depend on experimental results to make progress, we have long been puzzled by the resistance of the experimental computer science community in general, and computer security research in particular, to the use of the methods of experimentation and reporting that are commonplace in most scientific undertakings. To bring our concerns to a broader audience, we proposed a discussion topic for NSPW 2010 that covers the history and practicality of experimental information security with an emphasis on exposing the pros and cons of the application of rigorous scientific experimental methodology in our work. We focused on discussion points that explore the challenges we face as scientists, and we tried to identify a set of concrete steps to resolve the apparent conflict between desire and practice. We hoped that the application of these steps to the papers accepted at NSPW could be an early opportunity to begin a journey toward putting more science into cyber science. The discussion, as expected, was wide-ranging, interesting, and often frustrating. This paper is a slight modification of the discussion proposal that was accepted by NSPW, with the addition of a brief summary of the discussion.