Call for Papers

International Workshop
on
Secure Software Engineering
in
DevOps and Agile Development
(SecSE 2018)
http://secse.org

Porto, Portugal, May 25, 2018

In conjunction with
XP 2018 - 19th International Conference on Agile Software Development, 21-25 May 2018
https://www.agilealliance.org/xp2018/

----------------------------------------------------------------------------------------
Contribute by either submitting a paper, or an ignite talk proposal (see details below).
----------------------------------------------------------------------------------------

Software security is about protecting information and ensuring that
systems continue to function correctly even when under malicious
attack. The traditional approach of securing a system has been to
create defensive walls such as intrusion detection systems and
firewalls around it, but there are always cracks in these walls, and
thus such measures are no longer sufficient by themselves. We need to
be able to build better, more robust and more "inherently secure"
systems, and we should strive to achieve these qualities in all
software systems, not just in the ones that "obviously" need special
protection.

This workshop will focus on techniques, experiences and lessons
learned for engineering secure and dependable software using the
DevOps paradigm, as well as other forms of agile development.

Suggested topics include, but are not limited to:

Security in DevOps
Security aspects of software deployment
Security in Continuous Deployment
Security Architecture in Agile Development
Security testing in DevOps
Container security for DevOps
Security automation tools
Security in agile software development
Agile security requirements
Risk management in software projects
Agile testing for security
Quantitative measurement of security properties
Static and dynamic analysis for security
Verification and assurance techniques for security properties
Security and usability
Design and deployment of secure services
Secure composition and adaptation of services
Teaching secure software development
Experience reports on successfully attuning developers to secure
software engineering
Industry experience talks

Important Dates
===============
March 3rd, 2018 Submission Deadline
April 6th, 2018 Author Notification
April 15th, 2018 Author Registration
April 15th, 2018 Camera-ready versions
May 21/25, 2018 Workshops


Submission Guidelines
=====================
Papers can be up to 8 pages long in the ACM conference template. If you need more space, save it for the journal version!

Paper submission is done through the EasyChair system:
https://easychair.org/conferences/?conf=secse2018

Submitted papers will be carefully evaluated based on originality,
significance, technical soundness and clarity of exposition.

Duplicate submissions are not allowed. A submission is considered to
be a duplicate submission if it is submitted to other
conferences/workshops/journals or if it has been already accepted to
be published in other conferences/workshops/journals. Duplicate
submissions thus will be automatically rejected without reviews.

Submission of a paper implies that should the paper be accepted, at
least one of the authors will register for the XP conference and
present the paper in the workshop. No-show papers will be removed from
the digital library after the workshop. Accepted papers will be given
guidelines in preparing and submitting the final manuscript(s)
together with the notification of acceptance.

Double blind review: SecSE requires anonymized submissions - please
make sure that submitted paper contains no author names or obvious
self-references.

Publication
===========
Accepted papers will be published by ACM conference proceedings.

Journal Special Issue
=====================
Distinguished papers submitted to SecSE will be invited to submit
revised and extended versions for publication in the International
Journal of Secure Software Engineering (ISSN 1947-3036).

Ignite talks (NEW!)
===================
We will have a session of 5-minute ignite talks (a variant of
PechaKucha) as part of the workshop. An ignite talk is perfect for
industrial experience reports! Ignite talks are meant to present ideas
and generate discussion. Share with us your novel, ground breaking
software security related message as an Ignite presentation. Tell us
about tools, processes, tips, tricks, war stories, etc.

Submit proposals of an Ignite Talk as a Title and Abstract (500 words
maximum) by email to sos-agile(at)sintef.no. The contributions are less
scientific in their nature but should be argued in a compelling way
accompanied by 20 auto-advance slides.

Organizers
==========

Martin Gilje Jaatun, SINTEF Digital, Norway
Daniela S. Cruzes, SINTEF Digital, Norway

Program Committee
=================

Karin Bernsmed, SINTEF Digital, Norway
Sergey Bratus, Dartmouth College, USA
Achim Brucker, Sheffield University, UK
Estibaliz Delgado, Tecnalia, Spain
Zeta Dooly, TSSG, Ireland
Jörn Eichler, Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany
Shamail Faily, Bournemouth University, UK
Christophe Feltus, LIST, Luxembourg
Chad Heizenrater, DoD, USA
Sami Hyrynsalmi, Tampere University of Technology, Finland
Ronald Jabangwe, Maersk Mc-Kinney Moller Institute, SDU Software Engineering, University of Southern Denmark
Andrea Lanzi, Universita degli studi di Milano, Italy
Ville Leppänen, University of Turku, Finland
Jingyue Li, NTNU, Norway
Per Håkon Meland, SINTEF Digital, Norway
Anh Nguyen Duc, University College of Southeast Norway
Tosin Oyetoyan, SINTEF, Norway
Andreas Poller, Fraunhofer SIT, Darmstadt, Germany
Riccardo Scandariato, Chalmers, Sweden
Hossain Shahriar, Kennesaw State University, USA
Stephen Wolthusen, Royal Holloway University of London, UK
Hasan Yasar, Carnegie Mellon University, USA
George Yee, Carleton University, Canada