| Product Privacy Journey: Towards a Product Centric Privacy Engineering Framework | PEPR '20 | Igor Trindade Oliveira |
| Responsible Design through Experimentation: Learnings from LinkedIn | PEPR '20 | Guillaume Saint-Jacques |
| A Differentially Private Data Analytics API at Scale | PEPR '20 | Ryan Rogers |
| Wikipedia and the Lean Data Diet | PEPR '20 | Nuria Ruiz |
| Privacy Professional Boss Mode | PEPR '20 | |
| Privacy in Deployment | PEPR '20 | Patricia Thaine, Pieter Luitjens, Parinaz Sobhani |
| Design of a Privacy Infrastructure for the Internet of Things | PEPR '20 | Norman Sadeh |
| A Backdoor by Any Other Name, and How to Stop It | PEPR '20 | Maximillian Hunter |
| Building an Effective Feedback Loop for Your Privacy Program through Privacy Incident Response | PEPR '20 | Sri Pravallika Maddipati |
| When Things Go Wrong | PEPR '20 | Lea Kissner |
| Assessing Privacy Risk with the IPA Triad | PEPR '20 | Mark Funk |
| Engineering Ethics into the NIST Privacy Framework | PEPR '20 | R. Jason Cronk |
| Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale | PEPR '20 | Serge Egelman |
| When Engineers and Lawyers Talk: Right-Sizing Your Data Protection Risk Profile | PEPR '20 | Rafae Bhatti |
| AURORA: Statistical Crash Analysis for Automated Root Cause Explanation | USENIX Security '20 | Tim Blazytko, Moritz Schlögel, Cornelius Aschermann, Ali Abbasi, Joel Frank, Simon Wörner, Thorsten Holz |
| Shim Shimmeny: Evaluating the Security and Privacy Contributions of Link Shimming in the Modern Web | USENIX Security '20 | Frank Li |
| Everything Old is New Again: Binary Security of WebAssembly | USENIX Security '20 | Daniel Lehmann, Johannes Kinder, Michael Pradel |
| SmartVerif: Push the Limit of Automation Capability of Verifying Security Protocols by Dynamic Strategies | USENIX Security '20 | Yan Xiong, Cheng Su, Wenchao Huang, Fuyou Miao, Wansen Wang, Hengyi Ouyang |
| BigMAC: Fine-Grained Policy Analysis of Android Firmware | USENIX Security '20 | Grant Hernandez, Dave (Jing) Tian, Anurag Swarnim Yadav, Byron J. Williams, Kevin R.B. Butler |
| PhishTime: Continuous Longitudinal Measurement of the Effectiveness of Anti-phishing Blacklists | USENIX Security '20 | Adam Oest, Yeganeh Safaei, Penghui Zhang, Brad Wardman, Kevin Tyers, Yan Shoshitaishvili, Adam Doupé |
| See No Evil: Phishing for Permissions with False Transparency | USENIX Security '20 | Güliz Seray Tuncay, Jingyu Qian, Carl A. Gunter |
| A different cup of TI? The added value of commercial threat intelligence | USENIX Security '20 | Xander Bouwman, Harm Griffioen, Jelle Egbers, Christian Doerr, Bram Klievink, Michel van Eeten |
| HybCache: Hybrid Side-Channel-Resilient Caches for Trusted Execution Environments | USENIX Security '20 | Ghada Dessouky, Tommaso Frassetto, Ahmad-Reza Sadeghi |
| TPM-FAIL: TPM meets Timing and Lattice Attacks | USENIX Security '20 | Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, Nadia Heninger |
| CopyCat: Controlled Instruction-Level Attacks on Enclaves | USENIX Security '20 | Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar |