3rd International Workshop on Secure Software Engineering
to be held in conjunction with the 12th International Conference on Availability, Reliability and Security
(ARES 2017 – http://www.ares-conference.eu)
August 29 – September 1, 2017, Reggio Calabria, Italy
Organizations are required often to produce secure software. They apply a software development and operation processes that integrate activities such as threat modeling, security code analysis, and security code review. The goal of the workshop is to bring together security and software development researchers and practitioners to share their finding, experiences, and positions about developing secure software. The workshop aims to encourage the use of scientific methods to investigate the challenges related to developing secure software. It aims also to increase the communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software.
TOPICS OF INTEREST COMPRISE BUT ARE NOT LIMITED TO:
|Experience with secure DevOps
Data-driven secure software development
Challenges for agile development of secure software
Incremental development of cyber-physical systems
Secure software development training and education
|Tools supporting incremental secure software development
Usability of agile secure software development
Security awareness for software developers
Security and robustness testing in agile development
|Submission Deadline||May 8, 2017|
|Author Notification||May 22, 2017|
|Proceedings Version||June 20, 2017|
|Conference||August 29 – September 1, 2017|
University of Oulu
Lotfi ben Othmane
Iowa State University, USA
Benjamin Aziz, University of Portsmouth, UK
Achim Brucker, University of Sheffield, UK
Bengt Carlsson, Uppsala University, Sweden
Martin Jaatun, SINTEF ICT, Norway
Joern Eichler, Fraunhofer AISEC, Germany
Khaled Khan, Qatar University, Qatar
Lotfi ben Othmane, Iowa State University, USA
Juha Röning, University of Oulu, Finland
Gerald Quirchmayr, University of Vienna, Austria
Antti Vähä-Sipilä, F-Secure, Finland
Edgar Weippl, SBA Research, Austria
The submission guidelines valid for the SSE workshop are the same as for the ARES conference. They can be found >>here<<.
Authors of selected papers that are accepted by and presented at the workshop will be invited to submit an extended version to special issues of international journals.
Fabian Rodriguez, IBM, Germany
DevOps in business critical environments
Abstract: DevOps is a great way to streamline development and deployment processes and reduce error risks. This is done for example by allowing the developer to bring his code from development to production himself. While this saves time and effort, it also poses a conflict to application compliance regulations. This is where Secure DevOps comes into place. Intra-daily deployments with two face approval? Secure DevOps allows to profit from the advantages of DevOps without having to sacrifice ASCA compliance. It is one of our innovation projects alongside of Watson Analytics and Analytics Apps for mobile devices.
Fabian is an IT architect at IBM Business Analytics. He builds & deploys business intelligence software automation for IBM and its clients. He is part of the innovation team, where they work on integrating innovative solutions and technologies into traditional business environment.
Shannon Lietz, DevSecOps Lead, Intuit
Illuminating Cloud Security with DevSecOps
Abstract: Cloud Security is not yet well-defined and the path can be treacherous with adversaries that have become accustomed to it using their auto-pawn infrastructure to quickly capture targets. Developing a good set of controls and defenses can be difficult with larger workloads and sensitive data. Using continuous security methods, such as those integral to DevSecOps, has proven to be the best method for staying ahead of the bad guys. This talk will provide abuse cases and cover the symbiotic relationship of Cloud Security and DevSecOps.
Shannon is an award winning innovator with over two decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s cloud security strategy, roadmap and implementation in support of corporate innovation. She operates a 24×7 DevSecOps team that includes Red and Blue Team operations. Previous to joining Intuit, Ms. Lietz worked for ServiceNow where she was responsible for the cloud security engineering efforts. Prior to this, Ms. Lietz worked for Sony where she drove the implementation of a new secure data center and led crisis management for a large-scale security breach. She has founded a metrics company, led major initiatives for hosting organizations as a Master Security Architect, developed security software and consulted for many Fortune 500 organizations.