TY - JOUR JO - Security & Privacy, IEEE TI - I Am a Scientist, Not a Philosopher! T2 - Security & Privacy, IEEE IS - 4 SN - 1540-7993 VO - 5 SP - 48 EP - 51 AU - Peisert, S. AU - Bishop, M. Y1 - July-Aug. 2007 PY - 2007 KW - computer science education KW - research and development KW - security of data KW - computer security research KW - experimental validation KW - flaw classifications KW - formal proof KW - scientific experimentation VL - 5 JA - Security & Privacy, IEEE DOI - 10.1109/MSP.2007.84 AB - We longer live in the era of Aristotelian philosophers or alchemists attempting to turn lead into gold. Yet, you might be forgiven for thinking we were, after observing many computer security researchers' claims - even in papers published in peer-reviewed journals and conference proceeding. Computer security is both an art and a science, but researchers frequently fail to follow the scientific method to support the claims they make in scientific, peer-reviewed papers. Some computer security research is highly mathematical and can be proven formally without experimentation. This article presents a method for scientific experimentation when others aren't appropriate or can't be readily applied. Our goal is to further motivate researchers to apply science to experiments and, in concert with our earlier work, offer a new technique for doing so. ER -