This is the 2019 update of the System Security Circus.

TLDR - Main Takeaways
  • We now have 20 years of data for all six conferences in the dataset!
    Overall, this accounts for 120 venues and 5102 papers written by 8598 unique authors from 1117 affiliations located in 60 different countries.

  • Last year the number of submissions to the Top4 decreased slightly.
    This year we are back to normal - with the numbers fitting almost perfectly an exponential curve (see graphs below).
    If this is confirmed, the curve predicts 3093 submitted papers in 2020 (240 more than this year) and 3482 in 2021 (630 more than now!). Program chairs, plan accordingly!

  • Despite the inevitable overlapping due to the rolling deadlines, we keep seeing people reviewing for all Top4 in the same year. Combined with the increased size of PCs, this may be a sign we are struggling to find enough good reviewers to keep up with the number of submissions.
    Also, this can make even harder for second and third-tier conferences to fill their program committees.

  • Security research keeps getting more and more international, with several countries that are now involved in a relevant percentage of papers (graphs below). + Germany and UK immediately come to mind, but China in particular made huge progress over the past decade.

Submissions

If you were concerned (or relieved) about the 2018 inflection, worry no more. The number of submissions to the Top4 is back to where the exponential curve expected it to be. All conferences were able to absorb the extra number of submissions by accepting more papers (in total 18% more papers than in 2018) - resulting only in a small decrease of the overall acceptance rate:


./submission_tot.png ./acceptance_rate.png

If this exponential growth continues we will soon be in trouble. The best fitting curve predicts 3093 submissions in 2020 and 3482 in 2021. That is a ~22% increase wrt 2019.. which means either larger conferences or lower acceptance rates, and almost 2K additional reviews! (counting 3 per paper in average).

The trend for second tier (which is still RAID + ACSAC but I plan to include a third one soon) is less clear, but it seems to fit better a somehow linear increase:

./tier2_submission_tot.png ./tier2_acceptance_rate.png

Program Committees


./committees.png ./tpc_overlap.png

2019 was also the first year in which more than 300 distinct people served in the Top4 program committees. This is good (more people involved in the community) but also frightening (as it is roughly half of the number of researchers that published more than three papers in the Top4 over the past 20 years).

The need for good reviewers also results in more and more people who are involved in several committees in parallel. Few are heroic (or crazy) enough to even accept to review for all conferences in the same year (even despite the inevitable overlapping due to rolling deadlines). For instance, in the past three years this happened 16 times — compared to only 10 times in the previous 17 years!

Authors & Affiliations


The number of new authors and the number of new affiliations that are observed for the first time each year are plotted below.
I used these graphs in the past to show that the community is growing.

./new_auth.png ./new_affl.png

However, this year I tried to dig deeper to understand what is really behind this increase. So, I counted the Top4 papers in which all the authors never published in the Top4 before. In other words, these are the really new entries in the community, while the others could simply be new students of an established professor. Similarly, I counted the percentage of papers where all authors were previously known (i.e., there was no new authors). Here is the plot:

./new_all_authors.png ./max_papers_per_person.png

It is interesting how stable the values are over the past ten years. Basically, each year between 88% and 94% of the papers have at least one previously known author, and between 15% and 22% have only previously known authors.

Authors per Paper


./avg_authors_x_paper.png ./max_authors_x_paper.png

This year we have a new record for the number of co-authors in a paper ("Five Years of the Right to be Forgotten" with 20 co-authors).
Overall, the average number of authors per paper raised to 4.92.

Collaborations among Countries


./single_affl.png ./single_country.png

Both the percentage of single-affiliation and of single-country papers are diving and in 2019 almost half of the papers are the result of an international collaboration.

./us_decline.png ./new_countries.png

US-based researchers are still involved in the vast majority of the papers, but they are not anymore the sole driving force. In particular, many other countries are rapidly raising - with German authors now involved in almost one paper out of five.
One of the most impressive improvements is certainly represented by China. Top papers from China almost did not exist until 2011, but today Chinese researchers are involved in over 10% of the papers.

Collaborations among People


Looking at individual collaborations, there are 234 authors with more than 10 publications in the Top4. It is quite interesting to note that if we plot them on a graph, the graph is fully connected (with a diameter of 7).

To make things more readable, I show here only the subgraph that includes researchers with at least 10 joint publications. From last year we have few more small clusters in the figure, but the main change is probably XiaoFeng cluster that doubled its size:

./connected_graph_10.png

  • The Authors table with stats from all conferences, and that dedicated to the Top4 conferences only

  • The affiliations table (world-wide, EU-only, US-only, and rest of the world).
    Detailed info for each institution is also available by clicking the links in the tables.

  • You can also check the previous versions of the Security Circus for 2018, 2017, 2016, and the original post in 2015.

CURRENT VERSION: 5.0.0
(major version changes when I add new stats or new venues, minor if stats are modified, build number keeps track of typos and spellings mistakes)