Related Work
A considerable part of our work is to find and read papers published by other researchers.
Finding Related Work
The usable security and privacy research community mostly publishes at conferences and workshops, not in journals. Below, you can find some strategies to find papers that might be related to your work.
Peer review: You should focus on high-quality, peer-reviewed related work. Avoid Wikipedia articles, blog posts, news websites and arXiv publications!
Using Search Engines
Search engines should be your starting point for finding related work. You can use general-purpose search engines such as Google or Bing. However, there are search engines that focus on scientific literature:
| Engine | Comment |
|---|---|
| Google Scholar | Google service for searching a giant body of scientific literature. |
| ACM Digital Library | Digital library of the ACM. The library is particularly interesting for us, since the ACM organizes some of our core conferences. |
| IEEEXplore | Digital library of the IEEE. The library is particularly interesting for us, since the IEEE organizes some of our core conferences. |
| DBLP | The dblp computer science bibliography provides open bibliographic information on major computer science journals and proceedings. |
| CiteSeerX | |
Springer, Elsevier and others: There are many more digital libraries and services such as Elsevier and Springer. While you might find relevant related work there, you should start with the (more accessible, often free) ACM Digital Library and IEEEXplore.
Checking References
Papers cite papers and get cited by papers. Hence, checking references is a good strategy to search for related work.
The References Subsection
If you find an interesting paper, check its References subsection for similar and related work. Not every citation will be relevant. However, it is a good start.
Google Scholar
While checking the References subsection of a paper helps you find papers that the paper you read cites, it does not help with finding papers that cite the paper you read. Instead, you can use the Google Scholar service. It maintains a list of papers that cite the paper you read, e.g. this Google Scholar site lists all papers that cite Yas’ “You get where you’re looking for: The impact of information sources on code security” paper.
Reading Proceedings
Conference or workshop proceedings list the venue’s program. You can often find related work by searching through the proceedings and checking paper titles, authors, and abstracts. Going back five years is probably enough to find the most relevant work; going back further might be necessary to get a complete picture.
Below is a list of conferences and workshops that regularly publish high-quality usable security and privacy research (links might break over time, but the venues should be findable by searching for their names):
Top 4 Security
- IEEE S&P (Oakland) – Systems-oriented, formal, and high-impact security research
- ACM CCS – Broad security scope including theory, systems, and applied work
- USENIX Security – Practice-focused, empirical systems security and implementation work
- NDSS – Networked systems, protocol-level security, and emerging threat research
Specialist Conferences
- SOUPS – Usable security and privacy, focused on human-centered evaluations and design
- SecDev – Developer-focused security practices, tools, and secure development lifecycle
- SCORED [workshop] – Software supply chain risk, dependencies, build integrity
- PETS – Privacy-enhancing technologies, anonymous communication, unlinkability
- EuroUSEC – European venue for usable security and privacy, human factors in security
2nd Tier
- ACSAC – Applied systems security, often practical and implementation-focused
- EuroS&P – European counterpart to IEEE S&P, strong but newer
- ASIA CCS – Regional variant of CCS with growing visibility and solid technical papers
Software Engineering
- ICSE – Flagship venue for software engineering, occasionally includes security process/tooling
- ICSME – Software maintenance, evolution, long-term vulnerability management
- MSR – Empirical studies using code repositories and developer activity data