1. 12
  1. 7

    This is a great write-up. It goes into exactly what I had to slog through for over 10 years to get to the point I can explain what I know in IT and INFOSEC, esp esoteric stuff. It was all scattered among tens of thousands of books, papers, and articles I had to go through. I got quick at looking at abstracts & dissecting highlights from the papers of many fields. The intuition I developed sped the process up a lot. Most I haven’t fully digested because that’s difficult as the OP suggests. Yet, I’m sure based on seeing it all that much of it could’ve been summarized or introduced better to save me literally man-years of effort.

    Heck, we even occasionally get that in the form of survey papers. They often won’t serve as an introduction. Yet, an introduction combined with a good survey will give you quite the head start on where the field is, maybe some of the why, and what you might want to do. The OP overestimates the work required to do that given each sub-field might just need 1-4 experts doing both of those periodically. So, for each subfield, you just try to convince about that many to create those resources. Also, do whatever it takes to make sure the resulting publications are posted wherever newcomers are likely to see them. Each time you succeed, you enable a huge swath of people to get past a lot of research debt.

    The distilling part in general is a cultural problem that also has high amount of effort. I don’t have any suggestions on how to fix that. I think these problems with academic culture will require top-down solutions from groups controlling them and/or funding bodies. That is if you want major change instead of just small groups doing better.

    1. 3

      FWIW, IEEE S&P has a dedicated category for “SoK” papers; S&P is a fairly major conference, so that helps at least a little: https://www.ieee-security.org/TC/SP2017/cfpapers.html.

      I agree with you, but fixing this may not be that hard.

      1. 2

        Hm I haven’t heard the term SoK, but I like it. I would love to see a list of SoK papers across all subfields of computer science.

        I have a few that are good, like “Abstract machines for programming language implementation”


        And there are a few on MapReduce-type systems.

        1. 2

          That was a good one. Btw, you can share this research more easily if you post it in more accessible form. Preferably right to the PDF or something with easy link. Best resource is here:


          Type name into it to probably get description, metadata, and PDF link as so:


          Just save them, bookmark the links, etc.

        2. 2

          The final . was included in the link by accident. The correct link is


          1. 1

            Yeah, that’s the sort of thing I’m talking about. Each sub-field could get a lot done with just a handful of people. Btw, while trying to re-create history of high-assurance security, I did find an important summary that came from S&P where they sort of surveyed themselves & INFOSEC field:


            Note: Paywalled of course… (rolls eyes) I suspect that’s part of the reason most INFOSEC people don’t know INFOSEC. They never saw the important work, techniques, case studies, and so on. Most still cant tell me what a covert channel is or how they’d find them in their favorite OS/stack.