| 2008 | A profitless endeavor: phishing as tragedy of the commons. Cormac Herley, Dinei A. F. Florêncio |
| 2008 | Choose the red pill Ben Laurie, Abe Singer |
| 2008 | Localization of credential information to address increasingly inevitable data breaches. Mohammad Mannan, Paul C. van Oorschot |
| 2008 | Proceedings of the 2008 Workshop on New Security Paradigms, Lake Tahoe, CA, USA, September 22-25, 2008 Matt Bishop, Christian W. Probst, Angelos D. Keromytis, Anil Somayaji |
| 2008 | ROFL: routing as the firewall layer. Hang Zhao, Chi-Kin Chau, Steven M. Bellovin |
| 2008 | Security compliance: the next frontier in security research. Klaus Julisch |
| 2008 | The compliance budget: managing security behaviour in organisations. Adam Beautement, Martina Angela Sasse, Mike Wonham |
| 2008 | The developer is the enemy. Glenn Wurster, Paul C. van Oorschot |
| 2008 | The ecology of Malware. Jedidiah R. Crandall, Roya Ensafi, Stephanie Forrest, Joshua Ladau, Bilal Shebaro |
| 2008 | The user is not the enemy: fighting malware by tracking user intentions. Jeff Shirley, David Evans |
| 2008 | Towards an ethical code for information security? Steven J. Greenwald, Brian D. Snow, Richard Ford, Richard Thieme |
| 2008 | Trading in risk: using markets to improve access control. Ian M. Molloy, Pau-Chen Cheng, Pankaj Rohatgi |
| 2008 | We have met the enemy and he is us. Matt Bishop, Sophie Engle, Sean Peisert, Sean Whalen, Carrie Gates |