I have prepared a paper to publish in a web security conference. How can I know the ranking of available conferences to know which conference is better? For example, should I look at their sponsors?
-
What kind of paper? What kind of conference? Are you looking for a peer-reviewed conference with a formal proceedings? Is this an academic research paper? Is it a white paper? A presentation focused at a conference for practicing professionals? These are extremely different, and the advice will depend greatly on your answer. – D.W. Apr 23 '11 at 05:04
3 Answers
If you are asking about an academic peer-reviewed conference on web security, I have some thoughts for you.
First, the four most prestigious peer-reviewed conferences in computer security are generally considered to be IEEE Security & Privacy ("Oakland"), Usenix Security, ACM Computer and Communication Security (CCS), and ISOC Network and Distributed System Security (NDSS). Folks will debate the order, but most people will probably say that Oakland is the most prestigious of these and NDSS the least. All of those conferences will accept web security papers, if they are strong enough. Usenix Security and NDSS probably are the conferences that are most closely aligned with web security. Papers have to have an exceptionally strong contribution to be accepted at these top-four research conferences. If you are active in the computer security research community, you probably already know about these four.
Second, there are other peer-reviewed conferences and workshops that focus specifically on web security. W2SP is a fantastic workshop that accepts many strong research papers on web security each year. You could also look at WWW and Usenix WebApps; their focus is on web technology in general, but they tend to accept several security papers each year. If you are active in the computer security research community, you should already know about these conferences, I'd hope.
Finally, there are many other peer-reviewed security and web conferences that accept good web security papers. For example, you might look at ones like ESORICS, ACSAC, DIMVA, RAID, and too many others to list.
One last piece of advice: Before submitting to any of these conferences, you must first become an expert on the published peer-reviewed literature on this topic. Read through the proceedings of the last few years of the conference. Also, read the other published work that is related to your own research. There is a tremendous amount of prior work on web security; it is important that you be familiar with it and able to articulate how your work fits into the past work and how it advances the state of the art. If you are not familiar with the related work, and not familiar with the standards of the conference, it is not likely that your paper will be accepted by the conference's program committee.
- 98,420
- 30
- 267
- 572
This will depend an awful lot on what audience you want. Some conferences are more technical (eg Defcon), some are very commercial (RSA, Infosec, Blackhat), some are focused on Risk, Compliance, Governance, Audit, Security or a range of topics.
If I were you I would look at their stated audience, their sponsors, their mission statement, previous years' agendas and speaker list and see what the best fit for you is.
- 61,367
- 12
- 115
- 320
-
Thanks, May I ask your opinion about wise (International Conference on Web Information System Engineering)? Thanks. – Shadi Apr 18 '11 at 16:23
-
@shadi - my opinion could be entirely irrelevant to you, as my focus is enterprise wide security, but from what I know of WISE, and a quick look at last year's program (http://conference.cs.cityu.edu.hk/wise2010/program.pdf) it is not a security conference. It is as the name suggests, about system engineering. There is likely to be an element of security, as there is in any IT conference. As I said in my question, you need to think about the audience you need for your paper. – Rory Alsop Apr 18 '11 at 16:28
Since you asked about WISE, I assume you are looking for an academic conference?
Here is an excellent ranking of security/crypto conferences: Security (MS Academic)
And here is the equivalent for WWW conferences: WWW (MS Academic)
Not all of these conferences will accept a paper on web security, so you can look at the Call for Papers to check. Most general security conferences accept web security papers now (they are popular) and most general WWW conferences accept papers with a security slant.