Reliable and trustworthy Automated Software EngineeringRASE 2026

Abstract

Modern software engineering tasks, from AI-assisted development to testing and program repair, increasingly rely on automation. Nowadays, automated tools support developers in many stages of the software lifecycle, including code generation, dependency management, vulnerability detection, testing, and maintenance. While automation quickens development and maintenance processes, its impact on trustworthiness, reliability, and accountability remains unclear. Indeed, automated systems may introduce hidden dependencies, propagate vulnerabilities at scale, or generate code whose provenance, reliability, and compliance properties are difficult to verify. At the same time, regulatory frameworks and industry practices increasingly demand traceability, accountability, and verifiable assurance in modern software systems. These developments highlight a fundamental research challenge: automation itself must become trustworthy. To fill this gap, RASE aims to establish itself as a leading forum that brings together researchers and practitioners from diverse fields, including software engineering, cybersecurity, and artificial intelligence, to promote automated techniques that enhance software transparency, protection, and assurance as core elements of trustworthy systems. Beyond supporting the development of trustworthy software systems, RASE aims to establish automation itself as a trustworthy actor within the software lifecycle, ensuring that automated tools and AI-based assistants deliver verifiable, auditable, and reliable outcomes.

Motivation and Objectives

Automated software engineering is receiving increasing attention from the Software Engineering community due to the growing reliance on automation across the software lifecycle. As automated tools and AI-based assistants are increasingly used to support development, testing, maintenance, and other engineering activities [1-3], it becomes necessary to understand not only how effective these techniques are, but also how trustworthy their outcomes can be in practice. According to the 2025 Stack Overflow Developer Survey, only 3% of over 33,000 respondents highly trust the accuracy of AI tools, while 46% actively distrust them. In this context, software engineering is no longer concerned solely with producing automated outputs, but also with ensuring that such outputs can be trusted, inspected, and responsibly adopted [4, 5].

On the one hand, automation is enabling new ways to support developers and organizations in the production, analysis, and evolution of software artifacts [6, 7]. On the other hand, the increasing dependence on automated tools, complex software ecosystems, and AI-assisted pipelines raises new concerns about visibility, protection, assurance, and accountability [8, 9]. These challenges are especially relevant in settings where artifacts, dependencies, and automated decisions interact in ways that are difficult to observe and verify directly [10]. In particular, these concerns emerge in scenarios where automation affects the visibility of software supply chains, the behavioral transparency of software artifacts, and the traceability of dependencies and development outcomes across modern software ecosystems [11, 12].

The potential of research on trustworthy automated software engineering is therefore increasingly evident. Recent work at the intersection of software engineering, cybersecurity, and artificial intelligence suggests that automation should not only help developers produce software more efficiently but should also contribute to making software systems and development processes more transparent, protected, and trustworthy [13-16]. This helps motivate the community to further investigate techniques and tools that can support these goals in a systematic way.

Therefore, the main objective of the RASE workshop is to bring together researchers and practitioners from software engineering, cybersecurity, and artificial intelligence to share experiences, discuss open challenges, and provide directions for future research on trustworthy automated software engineering. In particular, the workshop aims to encourage discussion on how automation can strengthen software transparency, protection, and assurance, while also making automated tools themselves more reliable, understandable, and accountable.

Some of the specific topics to be explored in the workshop include:

• Automation for Software Transparency. Modern software systems increasingly rely on complex dependencies, third-party components, and AI-generated artifacts whose origin, evolution, and integrity are often difficult to inspect and verify. In this context, we are interested in automated techniques that can make software ecosystems more observable and auditable, fostering greater visibility across artifacts, dependencies, and development pipelines.
• Automation for Software Trustworthiness. The growing reliance on automation in software development and maintenance raises the need for techniques that can strengthen the protection and assurance of modern software systems. We are interested in contributions that address how automated methods can support the identification, mitigation, and prevention of risks affecting software artifacts, dependencies, and AI-assisted systems.
• Trustworthy Automation. As automated tools and AI-based assistants assume an increasingly central role in development and maintenance activities, their own trustworthiness becomes a research challenge in itself. In this context, we are interested in approaches that help make automated software engineering tools more reliable, understandable, and accountable in practical settings.
• Foundations and Evaluation. Progress in trustworthy automated software engineering also depends on stronger evaluation practices and shared foundations for assessing results over time. We therefore welcome contributions aimed at improving how the community measures, compares, and studies trustworthiness properties in automated software engineering across different contexts and software ecosystems.

References

[1] Mingwei Liu, Tianyong Yang, Yiling Lou, Xueying Du, Ying Wang, and Xin Peng. Codegen4libs: A two-stage approach for library-oriented code generation. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 434–445. IEEE, 2023.

[2] Zhi Chen and Lingxiao Jiang. Promise and peril of collaborative code generation models: Balancing effectiveness and memorization. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pages 493–505, 2024.

[3] Noble Saji Mathews and Meiyappan Nagappan. Test-driven development and llm-based code generation. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pages 1583–1594, 2024.

[4] Xiao Yu, Haoxuan Chen, Lei Liu, Xing Hu, Jacky Wai Keung, and Xin Xia. Realisticcodebench: Towards more realistic evaluation of large language models for code generation. In 2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 3021–3033. IEEE, 2025.

[5] Yukai Zhao, Menghan Wu, Xing Hu, and Xin Xia. Hfuzzer: Testing large language models for package hallucinations via phrase-based fuzzing. In 2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 2746—2758, IEEE, 2025.

[6] Junaed Younus Khan and Gias Uddin. Automatic code documentation generation using gpt-3. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pages 1–6, 2022.

[7] Myungho Lee, Jiseong Bak, Seokhyeon Moon, Yoon-Chan Jhi, and Hakjoo Oh. Effective unit test generation for java null pointer exceptions. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pages 1044–1056, 2024.

[8] Yunbo Lyu, Zhou Yang, Jieke Shi, Jianming Chang, Yue Liu, and David Lo. "my productivity is boosted, but… " demystifying users’ perception on ai coding assistants. In 2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 191–203. IEEE, 2025.

[9] Xinyi Zheng, Chen Wei, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, and Haoyu Wang. Towards robust detection of open source software supply chain poisoning attacks in industry environments. In Proceedings of the 39th IEEE/ACM international conference on automated software engineering, pages 1990–2001, 2024.

[10] Bonan Ruan, Zhiwei Lin, Jiahao Liu, Chuqi Zhang, Kaihang Ji, and Zhenkai Liang. Propagation-based vulnerability impact assessment for software supply chains. In 2025 40th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 65-77. IEEE, 2025.

[11] Kapil Singi, Jagadeesh Chandra Bose RP, Sanjay Podder, and Adam P Burden. Trusted software supply chain. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 1212–1213. IEEE, 2019.

[12] Wentao Liang, Xiang Ling, Jingzheng Wu, Tianyue Luo, and Yanjun Wu. A needle is an outlier in a haystack: Hunting malicious pypi packages with code clustering. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 307–318. IEEE, 2023.

[13] Kexin Sun, Yiding Ren, Hongyu Kuang, Hui Gao, Xiaoxing Ma, Guoping Rong, Dong Shao, and He Zhang. Aviate: Exploiting translation variants of artifacts to improve ir-based traceability recovery in bilingual software projects. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pages 519–530, 2024.

[14] Sen Chen, Yuxin Zhang, Lingling Fan, Jiaming Li, and Yang Liu. Ausera: Automated security vulnerability detection for android apps. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 1–5, 2022.

[15] Chao Ni, Xinrong Guo, Yan Zhu, Xiaodan Xu, and Xiaohu Yang. Function-level vulnerability detection through fusing multi-modal knowledge. In 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 1911-1918). IEEE, 2023.

[16] Jian Zhao, Shenao Wang, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, and Haoyu Wang. Models are codes: Towards measuring malicious code poisoning attacks on pre-trained model hubs. In Proceedings of the 39th IEEE/ACM international conference on automated software engineering, pages 2087–2098, 2024.

Call for papers

Modern software engineering tasks, from synthesis and AI-assisted development to testing and program repair, increasingly rely on automation. Automated tools now support developers in many stages of the software lifecycle, including code generation, dependency management, vulnerability detection, testing, and maintenance. While automation quickens development and maintenance processes, its impact on trustworthiness, reliability, and accountability remains unclear. Recent incidents in the software supply chain, the widespread propagation of vulnerabilities across dependencies, and the rapid adoption of AI-based code generation assistants and automated development agents have highlighted how automation can increase risks as quickly as it accelerates development. At the same time, regulatory frameworks and industry practices increasingly demand traceability, accountability, and verifiable assurance in modern software systems. To fill this gap, RASE focuses on advancing automated techniques that strengthen software transparency, protection, and assurance as core pillars of trustworthy systems. Besides fostering the development of trustworthy software systems, RASE aims to establish automation itself as a trustworthy actor within the software lifecycle, ensuring that automated tools and AI-based development assistants produce verifiable, auditable, and robust outcomes.

Researchers and practitioners are invited to submit:

• Full papers (maximum of 8 pages, including references). Original research on Trustworthy Automated Software Engineering, either empirical, theoretical, or showing practical experience of using techniques and/or tools for addressing the challenge of enhancing the trustworthiness of software systems.
• Education tools and material (maximum of 8 pages, including references). Original contributions covering all dimensions of learning and teaching approaches and techniques for enhancing the accountability, transparency, dependability, and integrity in software engineering courses. This also includes experience reports providing informal proof by outlining a particular experience connected to education and training, such as a course, an educational or training method. The submission should translate the experience into practical guidance and insights gained, without the requirement for thorough evaluation or the application of rigorous research techniques to back its claims.
• Replication Studies and Negative results (maximum of 8 pages, including references). Research papers and reviews focusing on negative results or the reproducibility of previously published work. We believe that publishing negative results, alongside positive ones, provides a more holistic view of the research landscape, fostering transparency, credibility, and the elimination of publication bias.
• Short and Demonstration papers (maximum of 4 pages, including references). Work that describes novel techniques, tools, ideas, and positions that have yet to be fully developed; or are a discussion of the importance of a recently published result by another author in setting a direction for the SE community, and/or the potential applicability (or not) of the result in an industrial context.
• Position papers (maximum of 2 pages, including references). Contributions that analyze impact of automated software engineering techniques on trustworthiness, raising issues of importance. Position papers are intended to seed discussion and debate at the workshop, and thus will be reviewed with respect to relevance and their ability to spark discussions.

In all cases, papers should address a problem at the intersection between trustworthiness and software engineering or combine elements of transparency, accountability, or dependability research with other concerns in the software engineering lifecycle.

Topics of interest

Pragmatically, RASE welcomes contributions on foundations, techniques, tools, and empirical studies related to automating trustworthy software engineering, including but not limited to:

Automation for Software Transparency

• Automated generation, validation, verification, and evolution of Software Bills of Materials (SBOMs) and AI Bills of Materials (AIBOMs)
• Dependency analysis, supply-chain visibility, and provenance tracking
• Behavioral transparency through automated logging, monitoring, and runtime explainability
• Automated compliance checking and transparency auditing
• Automating regulatory compliance checks (e.g., EU Cyber Resilience Act, AI Act …)
• Software Composition Analysis
• Automated traceability across software artifacts, models, and dependencies
• Transparency mechanisms for AI-assisted software development tools and pipelines

Automation for Software Trustworthiness

• Automated vulnerability detection, localization, and repair
• Impacts, problems, and risks of the vulnerability fixing process
• Protection against supply-chain attacks and dependency confusion
• Automated integrity verification and tamper detection
• Secure-by-construction and policy-driven code generation
• Automated hardening, sandboxing, and isolation techniques
• Protection of software assets
• Protection of ML-enabled and AI-assisted software system
• Security mechanisms for AI-generated code and automated software artifacts

Trustworthy Automation

• Verification and validation of automated SE tools
• Confidential computing impacts on software effectiveness
• Trustworthiness of AI-based code generation and repair
• Empirical studies of automation-induced risk
• Human-in-the-loop approaches for trustworthy automation
• Transparency and explainability of automated software engineering tools
• Accountability and governance mechanisms for automated development agents

Foundations and Evaluation

• Metrics and benchmarks for trustworthy automation
• Large-scale empirical studies on software supply-chain risk
• Industrial case studies and tool demonstrations
• Empirical evaluation of AI-assisted development tools
• Benchmarking trustworthiness properties of automated SE systems

Submission Guidelines

All submissions must conform to the ASE 2026 formatting and submission instructions. All submissions must be anonymized, in PDF format and should be submitted electronically through EasyChair.