For 17 years, the Workshop on Cyber Security Experimentation and Test (CSET) has been an important and lively space for discussing all encompassing cybersecurity topics related to reliability, validity, reproducibility, transferability, ethics, and scalability—in practice, in research, and in education. Submissions are particularly encouraged to employ a scientific approach to cybersecurity and demonstrably grow community resources.

For CSET '25, we solicit exciting work across a broad range of areas relevant to security and privacy. A list of topics of interest (broadly interpreted):

* Cybersecurity research methods: designing and conducting large and complex system evaluations in the context of cybersecurity, i.e., experiences and discussions of qualitative and quantitative methods, what are the models and tools that facilitate research.
* Measurement and metrics: measurement required to understand performance and optimization of cybersecurity systems and defining appropriate metrics, i.e., valid metrics, test cases, and benchmarks, effectiveness of metric in evaluation, impact of measurement on evaluation.
* Data sets: collection, analysis, and interpretation of data for cyber security, i.e., what makes good data sets and how do we compare data sets, methods to collect, generate, or derive new ones, historical impact of a dataset.
* Experimental infrastructure: testbeds, simulations, emulations, and virtualizations, i.e., designing, orchestrating, and deploying testbeds, tools for improving testbed operation and maintenance, usage and impact studies of experimentation infrastructure.
* Education: surveys, tools, and techniques for cyber security education and training, i.e., evaluating and presenting educational approaches to cybersecurity, approaches that leverage datasets, utilize testbeds, apply experiential learning principles, or promote awareness of research methods and sound measurement approaches.
* High consequence cyber systems: rigorous experimental methodologies, i.e., appropriate design of experiments, parameter sampling strategies, quantifying uncertainties with confidence intervals, ensuring reproducibility, and validating models.
* Ethics in cybersecurity: tussle between security and privacy, i.e., experiences balancing stakeholder considerations, participant privacy, frameworks for evaluating the ethics of cybersecurity experiments, and illustrative experiment samples for ethical conduct that upholds the code outlined in http://cpsr.org/issues/ethics/cei/.
* Evaluating real-world security controls: measurements of deployed security frameworks, i.e., evaluation methodologies for real-world security performance, user-related characteristics (behavior, demographics) modeling, cybersecurity and social media.