by Antriksh Shah

Reviewers of Nullcon CFP talk to us about the common mistakes researchers make and how to avoid them

That feeling when your research paper makes it at a global event is amazing. But many researchers have been on the other side of the table. The disappointment of a rejected paper is often lesser than not knowing why your paper didn’t make the cut. We’ve been there too. And so while we are gearing up for Nullcon 2018 and receiving a bunch of research papers for our ongoing CFP, we interviewed our reviewers and did some researching ourselves to get the answers. Here’s a cheat sheet of things that matter to reviewers:

Newness of a topic

This might be most overused and underestimated reason for rejection of a paper. As a reviewer, you who probably looks at hundreds of research paper, the newness of a topic is the first thing that makes a reviewer sit up and take notice.

"Any paper that is breaking new ground is always the one that gets instant attention. This need not necessarily be on the hottest new technology, it could even be a completely new way of approaching an issue that we have all known for long," says Lavakumar Kuppan, web security researcher and author of IronWASP.

Research papers at the end of the day are a two-way learning street.

"If you can teach me something new, I will recommend accepting your paper," Justin Searle, Managing Partner of UtiliSec.

Clarity on objective

Poorly-defined objective of the research is one of the prime reasons why a reviewer might lose interest in your paper.

"If I get to the end of the paper and don't clearly understand what you will be presenting and why it is important, I will probably reject it," says Justin.

Poorly defined or ambiguous objectives, lack of technical details and lack of proof of concept code or tool are the major mistakes that researchers make, according to reviewers.

Backing up claims

A lot of papers start out with interesting propositions, but the ones among them that make the cut are those that back their research with substantial proof in terms of data.

"Someone could submit a paper titled ‘How to hack a satellite with your mobile phone’, as interesting as that sounds it cannot be selected if there is not enough data provided to convince the reviewers that the researcher actually has a credible technique to achieve it," says Lava.

Technical research and its accuracy

Technical correctness and accuracy is a must for every research paper. Doesn't matter if your presentation in the paper is poorly worded, if your paper has sound technical details, it will stand out on its own. There is no substitute to a submission that displays the results of deep and extensive research on a topic.

"I look for technical details of the solution with a proof of concept code or tool that ensures that the solution is feasible," says Abhisek Datta, security researcher and founder of 3slabs.

Researchers advise focusing on the technical quality of the paper rather than focusing on flamboyance.

"The last paper I ever want to read or accept is a paper that tries to hype up a topic with a lot of pretty words and carries a pretentious display of one's abilities or accomplishments, but when I finally get past all of that, I find out that there is no substantial technical meat in the document," says Justin.

Besides these main focus areas, reviewers say the selection of papers also depends on the relative quality of a submission rather than its absolute quality. If there are several good submissions in a year then the level of competition goes up.

However, if the researchers think their paper did not get treated fairly it helps to talk to the reviewers directly during the conference to understand their point of view. This dialogue could be a learning experience for both the researcher and the reviewer.

In short, keep your paper concise, simple, targeted and focused on the technology and concept.


Antriksh Shah

Antriksh is a Security Analyst from Goa. He is associated with null The Open Security Communities initiatives and organizing its annual flagship conference called as nullcon. His area of interest lies in VAPT, Web Application Security, Network Auditing & Forensics. He is very active with Pune Cyber Crime Branch and assisting them with investigation cases.