SSE 2017

3rd International Workshop on Secure Software Engineering

to be held in conjunction with the 12th International Conference on Availability, Reliability and Security
(ARES 2017 – http://www.ares-conference.eu)

August 29 – September 1, 2017, Reggio Calabria, Italy

Organizations are often required to produce secure software. They apply software development and operation processes that integrate activities such as threat modeling, security code analysis, and security code review. The goal of the workshop is to bring together security and software development researchers and practitioners to share their findings, experiences, and positions about developing secure software. The workshop aims to encourage the use of scientific methods to investigate the challenges related to developing secure software. It also aims to increase communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software.

TOPICS OF INTEREST COMPRISE BUT ARE NOT LIMITED TO:

Experience with secure DevOps

Data-driven secure software development

Challenges for agile development of secure software

Incremental development of cyber-physical systems

Secure software development training and education

Tools supporting incremental secure software development

Usability of agile secure software development

Security awareness for software developers

Security and robustness testing in agile development

IMPORTANT DATES

Submission Deadline: May 8, 2017
Author Notification: May 22, 2017
Proceedings Version: June 20, 2017
Conference: August 29 – September 1, 2017

WORKSHOP CHAIRS

Juha Röning
University of Oulu
juha[.]roning[at]oulu.fi

Lotfi ben Othmane
Iowa State University, USA
othmanel[at]iastate.edu

PROGRAM COMMITTEE

Benjamin Aziz, University of Portsmouth, UK
Achim Brucker, University of Sheffield, UK
Bengt Carlsson, Uppsala University, Sweden
Martin Jaatun, SINTEF ICT, Norway
Joern Eichler, Fraunhofer AISEC, Germany
Khaled Khan, Qatar University, Qatar
Lotfi ben Othmane, Iowa State University, USA
Juha Röning, University of Oulu, Finland
Gerald Quirchmayr, University of Vienna, Austria
Antti Vähä-Sipilä, F-Secure, Finland
Edgar Weippl, SBA Research, Austria

SUBMISSION

The submission guidelines valid for the SSE workshop are the same as for the ARES conference. They can be found >>here<<.

Authors of selected papers that are accepted by and presented at the workshop will be invited to submit an extended version to special issues of international journals.

INVITED SPEAKER

Fabian Rodriguez, IBM, Germany

DevOps in business critical environments

Abstract: DevOps is a great way to streamline development and deployment processes and reduce error risks. This is done, for example, by allowing the developer to bring his code from development to production himself. While this saves time and effort, it also poses a conflict to application compliance regulations. This is where Secure DevOps comes into place. Intra-daily deployments with two face approval? Secure DevOps allows one to profit from the advantages of DevOps without having to sacrifice ASCA compliance. It is one of our innovation projects alongside of Watson Analytics and Analytics Apps for mobile devices.

Fabian is an IT architect at IBM Business Analytics. He builds and deploys business intelligence software automation for IBM and its clients. He is part of the innovation team, where they work on integrating innovative solutions and technologies into traditional business environments.

Shannon Lietz, DevSecOps Lead, Intuit

Illuminating Cloud Security with DevSecOps

Abstract: Cloud Security is not yet well-defined and the path can be treacherous with adversaries that have become accustomed to it using their auto-pawn infrastructure to quickly capture targets. Developing a good set of controls and defenses can be difficult with larger workloads and sensitive data. Using continuous security methods, such as those integral to DevSecOps, has proven to be the best method for staying ahead of the bad guys. This talk will provide abuse cases and cover the symbiotic relationship of Cloud Security and DevSecOps.

Shannon is an award-winning innovator with over two decades of experience pursuing advanced security defenses and next-generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s cloud security strategy, roadmap and implementation in support of corporate innovation. She operates a 24×7 DevSecOps team that includes Red and Blue Team operations. Previous to joining Intuit, Ms. Lietz worked for ServiceNow where she was responsible for the cloud security engineering efforts. Prior to this, Ms. Lietz worked for Sony where she drove the implementation of a new secure data center and led crisis management for a large-scale security breach. She has founded a metrics company, led major initiatives for hosting organizations as a Master Security Architect, developed security software and consulted for many Fortune 500 organizations.