4th International Workshop on Software Security: Challenges, Opportunities, and Lessons LearnedSecure Software '24

Over the last decade, many organizations have focused on software security because modern applications typically operate in a hostile network-based environment. Traditionally, organizations have tried to address security concerns by finding and fixing security vulnerabilities once the software development cycle is completed. Software needs to be secured against any unauthorized users, and this can be achieved by incorporating security mechanisms into different phases of the software development lifecycle. However, incorporating security practices and processes into different software development life cycle phases remains a challenge. Software security is evolving due to increasing failure rates of software projects, economic downturn, software development without security in mind, globalization, and outsourcing. The empirical software engineering researchers need new approaches, models, and tools for addressing various emerging software security challenges in this modern age. There is a need for empirical evidence to support different new approaches in software security research and practice. This will provide researchers with innovative knowledge on developing different software security processes and practices. This will also help improve existing software security approaches and processes to build secure software effectively. This workshop will bring together and advance the work undertaken on software security. The outcome of this workshop will provide researchers and practitioners with a firm basis on which to develop different practices/ tools/ techniques based on an understanding of how and where they fit into secure software development and research. New practices/ tools/ techniques could then be developed targeting the secure software engineering community.
More details are available at: http://www.softwareengineeringresearch.net/SSW24/index.html

Call for Papers

The aim of this workshop is to provide a venue to discuss software security challenges, opportunities and lessons learned under the umbrella of empirical software engineering and software evaluation. This workshop will bring together researchers and practitioners from academia, industry and governments to report empirical studies and discuss the issues relating to software security. This workshop will seek submissions reporting original, unpublished research on software security covering any aspect of experimental, empirical and evidence-based software engineering, for example the use of quantitative and qualitative methods for empirical evaluation of software security techniques, processes, methods, tools and best practices. This will be a one-day paper-based presentations workshop, which will accept research and software industry papers on the topic of software security.
More details are available at: http://www.softwareengineeringresearch.net/SSW24/index.html

This workshop aspires to provide an opportunity for the empirical software engineering researchers and practitioners to present the state of the art, state of the practice, and the future directions on the following topics of software security.

• Systematic literature reviews and mapping studies on software security
• Tertiary studies on software security
• Empirically based decision-making
• Controlled experiments and quasi-experiments
• Case studies, surveys, observational studies, Delphi studies, field studies on software security
• Empirical studies on software security using qualitative, quantitative, and mixed methods
• Evaluation of software security techniques, tools and models
• Secure software requirements
• Secure software design
• Secure software coding
• Secure software acceptance
• Secure software deployment, operations and maintenance
• Secure software acquisition
• Project management for secure software development
• Best practices and lessons learned in secure software development projects
• Software security in global projects
• Secure software metrics
• Best practices and lessons learned in secure software development projects

Paper Submission
The maximum page length for the workshop is 6 pages. Workshop proceedings will be integrated in the EASE 2024 conference companion proceedings. Submitted papers must be written in English, contain original unpublished work, and conform to the ACM proceedings format.
Please submit manuscripts via EasyChair, and in pdf format: https://easychair.org/conferences/?conf=ease2024