Most publicly available data on cyber incidents comes from private companies
and non-academic sources. Common sources of information include various
security bulletins, white papers, reports, court cases, and blog posts
describing specific events, often from a single point of view, followed by
occasional academic sources, usually conference proceedings. The main
characteristics of the available data sources are: lack of peer review and
unavailability of confidential data. In this paper, we use an indirect approach
to identify trusted sources used in scientific work. We analyze how top-rated
peer reviewed literature relies on the use of non-peer reviewed sources on
cybersecurity incidents. To identify current non-peer reviewed sources on
cybersecurity we analyze references in top rated peer reviewed computer
security conferences. We also analyze how non-peer reviewed sources are used,
to motivate or support research. We examined 808 articles from top conferences
in field of computer security. The result of this work are list of the most
commonly used non-peer reviewed data sources and information about the context
in which this data is used. Since these sources are accepted in top
conferences, other researchers can consider them in their future research. To
the best of our knowledge, analysis on how non-peer reviewed sources are used
in cyber-security scientific research has not been done before.

By admin