I Am a Scientist, Not a Philosopher!
Published Web Locationhttp://www.sdsc.edu/~peisert/research/PB-IEEESP2007-ScientistPhilosopher.pdf
Computer security researchers have not generally applied the scientiﬁc method when conducting experiments, producing results, and making conclusive claims. Thus, researchers who have been claiming to be doing “science” generally are not. Therefore, we propose a new paradigm in computer security in which conclusions drawn from experiments that claim to be “science” actually rely on scientific principles and the scientific method.
We have previously discussed classical methods of conducting computer security experiments to obtain more scientiﬁcally valid results. In this paper, we propose a new method of conducting experiments, when one of the classical methods is unavailable or impractical.