Best Cybersecurity Conferences to Submit to in 2026

July 1, 2026  ·  9 min read

Security research is published in a relatively small set of elite venues, and the field has unusually strong norms around what constitutes a valid contribution. Unlike some areas where conference prestige is ambiguous, the security community has a broadly agreed-upon tier structure, and the venues you publish in will significantly shape how your work is received by the community, by hiring committees, and by program committees for future submissions. This guide covers the major venues for 2026 and how to position your work effectively.

The Big Four: Security's Elite Tier

The cybersecurity research community recognizes four conferences as the most prestigious venues, often called the "Big Four": IEEE S&P (Oakland), ACM CCS, USENIX Security, and NDSS. A publication at any of these venues signals top-tier work to the community, and many academic job listings and promotion files treat them as a coherent prestige category. Understanding what distinguishes them from one another helps you target appropriately.

IEEE S&P (Oakland): Prestige and Breadth

The IEEE Symposium on Security and Privacy, universally known as Oakland, is widely regarded as the most prestigious security conference. It covers the full spectrum of security and privacy research, from cryptographic protocols to systems security to privacy-enhancing technologies. Oakland has historically been associated with particularly rigorous review standards and a culture of expecting solid, well-scoped contributions rather than ambitious overclaiming.

Oakland is an excellent target for:

  • Foundational cryptography and protocol analysis
  • Privacy measurement and privacy-enhancing technologies
  • Systems security with strong real-world motivation
  • Formal verification of security properties

The conference now runs multiple review cycles per year, making it more accessible in terms of submission timing. Expect rigorous, expert reviews and a culture that values precision in threat modeling and claims.

ACM CCS: Systems and Applied Security

The ACM Conference on Computer and Communications Security (CCS) is broadly scoped and has particular strength in applied cryptography, network security, web security, and software security. CCS tends to be receptive to larger, more complex systems papers where the contribution comes from designing and evaluating a complete security system rather than from a single elegant insight.

CCS is a natural home for:

  • Applied cryptography implementations and protocol deployments
  • Web security — browser security, authentication, web application vulnerabilities
  • Network security and intrusion detection
  • Software security including vulnerability discovery and binary analysis

The CCS review process includes a revision (shepherd) phase for conditionally accepted papers, which gives authors an opportunity to address reviewer concerns before final acceptance. This is a significant advantage for papers with promising ideas that need refinement.

USENIX Security: Systems and Practical Attack Research

USENIX Security has a strong culture of practical, systems-oriented security research. It is particularly welcoming of attack papers — papers that reveal new vulnerabilities in real systems, demonstrate novel attack techniques, or provide large-scale empirical measurement of security properties in deployed infrastructure.

USENIX Security is the right venue for:

  • Novel attack demonstrations on real systems or hardware
  • Large-scale security measurement studies (scanning the internet, analyzing malware corpora, etc.)
  • Operating system and kernel security
  • Mobile and IoT security

USENIX Security runs a rolling review model with multiple deadlines throughout the year, and papers can be shepherded between cycles. The conference has a strong tradition of full open-access publication, which increases the reach of accepted work.

NDSS: Network and Distributed Systems Security

The Network and Distributed Systems Security Symposium (NDSS) focuses, as its name suggests, on network security, distributed systems security, and related areas. NDSS is the most accessible of the Big Four in terms of acceptance rates in some years, but it maintains a genuine top-tier reputation. It is an excellent venue for solid, well-executed work on network protocols, DNS security, BGP routing security, botnet analysis, and related topics.

Researchers earlier in their careers sometimes find NDSS reviews more constructive than the other top venues. The community is engaged and the papers are well-read. For a network or systems security paper that is strong but might be borderline at Oakland or USENIX, NDSS is a rigorous and respected choice.

EURO S&P: Europe's Growing Security Venue

The IEEE European Symposium on Security and Privacy (EURO S&P) has grown significantly in prestige since its founding and now serves as an important venue for security researchers based in Europe or working on problems with European regulatory relevance — GDPR compliance, European critical infrastructure, and EU cybersecurity policy contexts.

EURO S&P is below the Big Four in prestige but above most other security venues, making it a strong target for papers that are solid contributions but not quite ready for Oakland or USENIX, or for researchers who want to build visibility in the European security community specifically.

The Artifact Evaluation Trend

One of the most significant recent developments across all major security venues is the formalization of artifact evaluation (AE). Most top security conferences now offer optional (or required) artifact evaluation alongside paper submission. Artifacts typically include:

  • Source code for tools or systems described in the paper
  • Scripts to reproduce key experimental results
  • Datasets used in the evaluation (where legally and ethically possible)
  • Virtual machine images or Docker containers for reproducibility

Papers that pass artifact evaluation receive a badge (functional, reusable, reproduced) that appears in the published proceedings. Increasingly, reviewers and readers use artifact badges as a signal of research quality. Submitting an artifact is no longer merely optional goodwill — it is becoming a competitive expectation at top venues. Prepare your artifact in parallel with your paper, not as an afterthought after acceptance.

Paper Style: Systems vs. Theory vs. Applied

Security papers span a wide style range, and matching your writing style to your contribution type matters:

  • Systems papers should lead with a concrete threat model, describe the system architecture clearly, and evaluate against realistic adversary capabilities. Do not bury the threat model in section 3.
  • Theory and cryptography papers must provide formal definitions, security proofs, and precise parameter specifications. Informal arguments are not acceptable at Oakland or CCS for cryptographic claims.
  • Attack and measurement papers must carefully address responsible disclosure. Include a disclosure timeline in the paper, and be prepared for reviewers to ask about it. Responsible disclosure is a community norm, not a formality.
  • Applied and empirical papers should clearly characterize the measurement methodology, dataset limitations, and potential biases. Security measurement papers that do not acknowledge limitations are viewed skeptically.

Submission Tips for Security Papers

  • State your threat model early and precisely: The threat model is the foundation of every security paper. Reviewers who cannot identify your threat model in the first two pages will struggle to evaluate your contribution.
  • Do not overclaim: Security reviewers are trained to find gaps between claims and evidence. A carefully scoped claim that you fully support will outperform an ambitious claim with gaps.
  • Address ethics proactively: If your research involves human subjects, vulnerability disclosure, or potentially sensitive data, address your IRB status and ethical considerations explicitly.
  • Plan for the revision cycle: Most top security venues now have shepherding or major revision processes. A conditional acceptance with required revisions is a genuine opportunity, not a rejection.

Track submission deadlines for IEEE S&P, CCS, USENIX Security, NDSS, and EURO S&P on LatestConferences.com — the rolling review cycles at some venues make keeping track of exact windows essential.

Final Thoughts

Security is a field with high standards, strong community norms, and a tight-knit review ecosystem. The same researchers review papers across the Big Four venues, which means reputation for rigor (or for overclaiming) travels across submissions. Build your submission around a precise threat model, validate your claims carefully, prepare your artifact early, and choose the venue whose community culture best matches your paper's style and contribution.