Why Is Our Security Research Failing? Five Practices to Change

Explore a critical analysis of current cybersecurity research practices in this 17-minute conference talk from USENIX Enigma 2023. Delve into Marcus Botacin's findings from a systematic literature review of over 400 malware research papers published in reputable venues over the past two decades. Discover the five high-level categories of challenges and pitfalls identified in security research, including lack of diversity in study types, misalignment with industry needs, overemphasis on market focus, absence of field guidelines, and the reproducibility crisis. Learn about proposed solutions to mitigate these issues, tailored for different stakeholders in the field. Gain insights on improving research methodologies, developing longitudinal studies with representative populations, establishing clearer guidelines for experiments, and encouraging diversified study types in academic venues.