Skip to Main Content
We longer live in the era of Aristotelian philosophers or alchemists attempting to turn lead into gold. Yet, you might be forgiven for thinking we were, after observing many computer security researchers' claims - even in papers published in peer-reviewed journals and conference proceeding. Computer security is both an art and a science, but researchers frequently fail to follow the scientific method to support the claims they make in scientific, peer-reviewed papers. Some computer security research is highly mathematical and can be proven formally without experimentation. This article presents a method for scientific experimentation when others aren't appropriate or can't be readily applied. Our goal is to further motivate researchers to apply science to experiments and, in concert with our earlier work, offer a new technique for doing so.