FTA 2026

Workshop Overview

The International Workshop on Firmware Testing and Analysis (FTA 2026) brings together researchers and practitioners to advance the state of the art in testing, security analysis, verification, and maintenance of firmware — the low-level software that powers laptops, desktop computers, servers, embedded systems, IoT devices, industrial controllers, and critical infrastructure. A firmware program is embedded in non-volatile storage on a computer’s motherboard. It controls how a computing device starts its boot process and interacts with its operating system after power-on.

Firmware poses unique challenges for security testing, analysis, and maintenance: It operates with minimal hardware abstractions, interacts directly with peripherals, and is often subject to resource constraints, real-time requirements, and long deployment lifetimes. Moreover, many firmware vulnerabilities can become persistent across system reboots. Also, in many cases, physical access to the devices would be required to mitigate threats. Finally, many mitigation efforts are challenging and may damage the computing device or impair some of its functionality. Research and development in this area must be significantly boosted to ensure that sophisticated cyberattacks, including Advanced Persistent Threats (APT), can be prevented, detected, and mitigated in a timely manner.

Additionally, Artificial Intelligence (AI) plays a key role on both the attackers’ side and the security experts’ front. The state of the art in Machine Learning, namely, pretrained Large Language Models (LLMs), such as the Claude models from Anthropic and the GPT models from OpenAI, is fundamentally transforming the cybersecurity landscape. FTA is interested in any contributions and discussions on firmware testing, analysis, and maintenance. We are particularly interested in the Unified Extensible Firmware Interface (UEFI), an open standard for specifying the architecture of computing system firmware. When it comes to UEFI, the UEFI Forum (https://uefi.org) and the TianoCore open-source software community (https://github.com/tianocore) play significant roles. The TianoCore community maintains reference implementations of various components of the UEFI specification, for example, EDK II. This has resulted in a vibrant and mature Open-Source Ecosystem (OSE) that has had a significant impact on global security, safety, and privacy. A recent $1.2M project (2025-2027) sponsored by the U.S. National Science Foundation (NSF), named TianoShield (https://tianoshield.github.io/home), aims to enhance the state of security of the TianoCore OSE and improve its overall open-source development process and practices. FTA is organized as part of TianoShield’s efforts to exploit and disseminate the technologies and create synergies. FTA 2026 will report on improvements, new results, and open problems in protecting the TianoCore OSE by using the TianoShield project as an anchor, while welcoming contributions from other participants and stakeholders in the firmware world.

After the successful organization of the International Workshop on Firmware Security Vulnerabilities (FirmVuln26) at VulnCon26 in Scottsdale, Arizona, USA, in April 2026, we are pleased to provide another dedicated venue for sharing novel techniques, tools, and empirical insights in this increasingly important area at the FTA 2026 Workshop at ISSTA 2026.

Call for Papers

Topics of Interest

Topics of interest include, but are not limited to:

• Automated static and dynamic firmware testing and analysis tools;
• AI-assisted firmware testing and analysis;
• (AI-enhanced) firmware maintenance and evolution;
• (AI-assisted) firmware security vulnerability detection and/or mitigation;
• Empirical studies, surveys, case studies, and lessons learned from the industry;
• Open reference datasets and benchmarks that enable future research in this area.

Submission Guidelines

Paper Categories

FTA 2026 accepts five categories of submissions:

1. Technical Papers / Research Papers / Surveys (up to 18 pages + 2 pages for references): Original research contributions presenting novel techniques, tools, substantial empirical findings, or surveys.
2. Industry & Experience Reports (up to 12 pages + 2 pages for references): Practical experiences, lessons learned, and case studies from industrial firmware development or analysis.
3. Short Papers / New Ideas and Emerging Results / Work-in-Progress (up to 8 pages + 2 pages for references): Preliminary results, emerging novel and ground-breaking ideas that lack full validation, or position statements.
4. Tool papers (up to 5 pages + 2 pages for references): Tool demonstrations
5. Extended Abstracts (up to 4 pages, including references): These will accompany posters presented at the workshop’s poster session. Accepted extended abstracts will be published in the proceedings.

Formatting

• Submissions must use the ACM Master Article template (acmart).
• LaTeX authors should use \documentclass[acmsmall,screen,review,anonymous]{acmart}. Note that this is a single-column format.
• Papers must be written in English and submitted as a PDF.
• All submissions will be reviewed double-blind; author names and affiliations must be omitted.
• Except for extended abstracts, which must be 4 pages, including all references; for other submission types, references do not count toward the page limit, and 2 extra pages are allowed for references.
• The above-mentioned page limits include space for all content, such as appendices, figures, and tables.
• Authors must comply with all ACM policies, including the policies on the use of generative AI. See https://www.acm.org/publications/policies/frequently-asked-questions.
• Submissions that do not adhere to the guidelines may be desk-rejected without review.

Submission System

Papers must be submitted via HotCRP at https://fta26.hotcrp.com before the submission deadline.

Publication

All accepted papers will be made Open Access by ACM. Article processing charges may apply. See https://www.acm.org/publications/openaccess.

Presentation

At least one author of every accepted paper must register for the workshop and present the work in person. Otherwise, the submission may be withdrawn and not published in the proceedings. FTA 2026 is an in-person event.

Websites

• Workshop Website: https://conf.researchr.org/home/splash-issta-2026/fta-2026
• TianoShield Project Website: https://tianoshield.github.io/home/events

Contact

For questions about the workshop or submissions, please contact the organizers at: amoin@uccs.edu and amachiry@purdue.edu

Acknowledgments

The FTA 2026 workshop is sponsored by ACM and uses SIGPLAN’s standard submission and reviewing terms. Moreover, this event is organized as part of the TianoShield project, which is supported by the U.S. National Science Foundation (NSF) under Grant No. 2534021. Any opinions, findings, conclusions, or recommendations expressed in this event are those of the authors/speakers and do not necessarily reflect the views of the NSF.