SSE 2017

3rd International Workshop on Secure Software Engineering

to be held in conjunction with the 12th International Conference on Availability, Reliability and Security
(ARES 2017 –

August 29 – September 1, 2017, Reggio Calabria, Italy

Organizations are required often to produce secure software. They apply a software development and operation processes that integrate activities such as threat modeling, security code analysis, and security code review. The goal of the workshop is to bring together security and software development researchers and practitioners to share their finding, experiences, and positions about developing secure software. The workshop aims to encourage the use of scientific methods to investigate the challenges related to developing secure software. It aims also to increase the communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software.


Experience with secure DevOps
Data-driven secure software development
Challenges for agile development of secure software
Incremental development of cyber-physical systems
Secure software development training and education
Tools supporting incremental secure software development
Usability of agile secure software development
Security awareness for software developers
Security and robustness testing in agile development
Submission Deadline  May 1, 2017
Author Notification  May 22, 2017
Proceedings Version  June 20, 2017
Conference  August 29 – September 1, 2017

Juha Röning
University of Oulu

Lotfi ben Othmane
Iowa State University, USA


Benjamin Aziz, University of Portsmouth, UK
Achim Brucker, University of Sheffield, UK
Bengt Carlsson, Uppsala University, Sweden
Martin Jaatun, SINTEF ICT, Norway
Joern Eichler, Fraunhofer AISEC, Germany
Khaled Khan, Qatar University, Qatar
Lotfi ben Othmane, Iowa State University, USA
Juha Röning, University of Oulu, Finland
Gerald Quirchmayr, University of Vienna, Austria
Antti Vähä-Sipilä, F-Secure, Finland
Edgar Weippl, SBA Research, Austria


The submission guidelines valid for the SSE workshop are the same as for the ARES conference. They can be found >>here<<.

Authors of selected papers that are accepted by and presented at the workshop will be invited to submit an extended version to special issues of international journals.

 invited speaker

Fabian Rodriguez, IBM, Germany

Abstract: DevOps is a great way to streamline development and deployment processes and reduce error risks. This is done for example by allowing the developer to bring his code from development to production himself. While this saves time and effort, it also poses a conflict to application compliance regulations. This is where Secure DevOps comes into place. Intra-daily deployments with two face approval? Secure DevOps allows to profit from the advantages of DevOps without having to sacrifice ASCA compliance. It is one of our innovation projects alongside of Watson Analytics and Analytics Apps for mobile devices.

Fabian is an IT architect at IBM Business Analytics. He builds & deploys business intelligence software automation for IBM and its clients. He is part of the innovation team, where they work on integrating innovative solutions and technologies into traditional business environment.