SoS Musings #2 - Empirical Research
SoS Musings #2
Empirical Research
Lately I have been reading a lot of security papers. What I am reading describes a preponderance of empirical work. What is satisfying about what I am seeing is there is less of “fix a bug” work and more of studying a class of problems. Unfortunately, what is weak, in most cases, is the pursuit of the underlying causes of the empirical findings. This I fear is at best incomplete results. In general, it leads to better security/privacy. Without knowing the cause, it can divert science. Other work based on it can chase tangential effects as meaningful diverting researchers and corrupting research. It can also lead to continued on-going work without a scientific conclusion needed to build a Security Science.
So, what should be done? Nothing! —to a point. Well done empirical research provides a basis of reality to results; however, we must be on guard about its shortcomings. It would be interesting to know how much of this work ever gets put into practice.