Ruth 2025

One-Liner

Governments’ security guidance lack overall consensus in both formatting as well as actual practice; we find this out using treeeeees.

Novelty

new tree similarity mechanism similar to edit distance
first hand-labeled ontological dataset for security guidance

Notable Methods

download security guidance
label guidance into multi-level controls
tree distance metric for similarity

Ruth, Kimberly, Raymond Buernor Obu, Ifeoluwa Shode, Gavin Li, Carrie Gates, Grant Ho, and Zakir Durumeric. n.d. “A First Look at Governments’ Enterprise Security Guidance.” In USENIX Security Symposium.