Posted by Martijn Grooten on Aug 9, 2017
Two weeks ago, we opened the call for last-minute papers for VB2017. Like most CPFs, the number of submissions will far exceed the number of available slots. There is no golden rule for getting your submission accepted at our or any other conference, but here are five things that could help improve your chances.
Let's face it: if your research into a botnet that uses Windows XP machines to mine Bitcoin is up against a submission about an APT group that uses three zero-days to bridge air-gaps, you'll have a harder time convincing a selection committee of the value of your work.
Now, we can (and probably should) have a discussion about whether our focus as a community is the right one, but if your research lacks a 'coolness' factor you will have to try a little bit harder. So do explain why your research may be relevant for the bigger picture, or what makes it unique. We actually value good research into less 'cool' subjects, but be aware that you may have to work a bit harder to convince us.
Your presentation time will be limited (30 minutes, in the case of the VB conference), and this naturally limits how much you'll be able to put into your presentation. Keep this in mind when writing the abstract: if you want to cover a lot, make it clear you'll only be touching the surface, or that you'll go into in more detail on just one or two things.
Every year, there are a number of abstracts that solicit a simple comment from selection committee members: 'Huh?!?'.
The members of the selection committee will have to wade through dozens of abstracts. They don't have the time to do background research or to read your submission three times to understand what you really mean. Make sure your abstract is clearly written and can be understood by anyone with some years of security experience.
We get it: your employer pays for the time you spend doing research, they pay for your travel expenses, and they miss you from the office for several days when you attend a conference. Of course they will want to see the exposure you get reflect well on them. That's fine: we, like most conferences, are happy for employers to do some marketing around your talk; we also are more than happy for you to use your logo on your slides.
But like most security conferences, the Virus Bulletin conference is not a marketing event. Unless it is particularly relevant to the talk (for example, Apple research into OS X malware), mentioning your company name in the abstract is likely to reduce your chances of being selected, so in case of doubt, don't do it.
Finally, most CFPs are several times oversubscribed. Based on past experience, there is about a 20% chance of your VB2017 last-minute submission being accepted. Please don't hesitate to ask for feedback on why your abstract wasn't selected, but do keep in mind that there isn't always a clear reason, other than the fact that the number of available slots was limited.
Luckily there are many security conferences. Keep working on your research, keep writing about it on blogs and social media, and keep submitting to CFPs. Your time will come!