Call For Research Papers and Tutorials
We solicit research and experience papers on a broad range of topics relating to secure systems development. Examples of topics that are in scope include: the development of libraries, tools, or processes to produce systems resilient to certain attacks; formal foundations that underpin a language, tool, or testing strategy to improve security; techniques that drastically improve the scalability of security solutions for practical deployment; and experience, designs, or applications showing how to apply cryptographic techniques effectively to secure systems. We also welcome papers on machine learning for security automation in the software lifecycle, security assessment of generative AI output, including automated code and configuration, adversarial methods and defenses for generative code models (e.g., prompt injection, data poisoning), secure integration of generative AI tools in development workflows (SecDevOps), and formal methods and control of security policies for GenAI-generated artifacts.
SecDev also seeks hands-on and interactive tutorials on security-focused processes, frameworks, languages, and tools. The goal is to share knowledge on the experience, art , and science of secure systems development.
We welcome submissions of Systematization of Knowledge (SoK) papers that evaluate, organize, and contextualize existing knowledge. Submissions must include the prefix “SoK: ” in the title.
SecDev also has calls for other types of contributions, such as posters and tool demos, and abstracts from practitioners. Information on these solicitations are available on the SecDev website https://conf.researchr.org/home/secdev-2026
Areas of Interest
Areas of interest include (but are not limited to):
- Security/resiliency-focused system designs (HW/SW/architecture)
- Tools and methodology for secure code development
- Risk management and testing strategies to improve security
- Security engineering processes, from requirements to maintenance
- Security benchmarks and reproducibility studies
- Comparative experimental evaluation
- From research to practice - gaps and transitions
- Programming languages, development tools, and ecosystems supporting security
- Static program analysis for software security
- Dynamic analysis and runtime approaches for software security
- Automation of programming, deployment, and maintenance tasks for security
- Software ecosystem and software supply chain security
- Distributed systems design and implementation for security
- Privacy by design
- Developing secure multi-agent systems
- AI/ML-based secure development
- Human-centered design for systems security
- Formal verification and other high-assurance methods for security
- Code reviews, red teams, and other human-centered assurance
Mandatory In-Person Attendance
Note that SecDev is an in-person conference. Hence, for authors of all accepted papers and tutorials, we expect them to register for, and attend the conference in person. Thus, if you can foresee that this will be problematic for you, please do not submit.
Mandatory article processing charges (APC)
Starting 2026, all articles published by ACM will be made Open Access. This is greatly beneficial to the advancement of computer science and leads to increased usage and citation of research. Most authors will be covered by ACM OPEN agreements by that point and will not have to pay Article Processing Charges (APC). Check if your institution participates in ACM OPEN. Authors not covered by ACM OPEN agreements may have to pay APC; however, ACM is offering several automated and discretionary APC Waivers and Discounts. Further information is available here: https://libraries.acm.org/acmopen/article-types
Other Notes on submission:
Submissions must follow the latest policies from ACM (“ACM Policy on Authorship”, with associated FAQ), which includes a policy specific to the use of generative AI tools and technologies, such as ChatGPT.
The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to two weeks prior to the first day of FSE 2026. The official publication date affects the deadline for any patent filings related to published work.
Purchases of additional pages in the proceedings are not allowed.
Submission Details
Submission website: The website for submissions: https://secdev2026.hotcrp.com/
Latex Template: Submissions must use the two-column ACM Proceedings style. It must follow the ACM formatting guidelines, see http://www.acm.org/publications/proceedings-template for details. Authors using LaTeX must use the provided acmart.cls and ACM-Reference-Format.bst without modification, enable the conference format in the preamble of the document (i.e. \documentclass[sigconf,review]{acmart}), and use the ACM reference format for the bibliography (i.e., \bibliographystyle{ACM-Reference-Format}).
Submissions must be one of three categories:
Long (up to 10 pages), or Short (up to 6 pages, may be shorter) Research papers, excluding references and well-marked appendices. These must be well-argued and worthy of publication and citation, on the topics above. Research papers must present new work, evidence, or ideas. SoK papers are allowed (title must contain the “SoK:” prefix). Position papers with exceptional visions will also be considered.
Long (up to 10 pages), or Short (up to 6 pages, may be shorter) Experience papers, excluding references and well-marked appendices. These submissions should be reporting experience on the application of some tool(s) or methodology in a non-trivial setting. Papers in this category must include a discussion on the positive/negative results and the lessons learned.
Authors of accepted Research/Experience papers will present their work at the conference (e.g., in a 30-minute slot) and their papers will appear in the conference’s formal ACM proceedings.
We will follow the ACM SIGSOFT rules on Conflicts of Interest and Confidentiality of Submissions. https://www.sigsoft.org/policies/pgmcommittee.html#con_int. To improve the fairness of the reviewing process, SecDev will follow a light-weight double-blind reviewing process. Submitted papers must (a) omit any reference to the authors’ names or the names of their institutions, and (b) reference the authors’ own related work in the third person (e.g., not “We build on our previous work …” but rather “We build on the work of …”). Nothing should be done in the name of anonymity that weakens the submission or makes the job of reviewing the paper more difficult (e.g., important background references should not be omitted or anonymized). Please see the double-blind FAQ for the answers to many common concerns about SecDev’s double-blind reviewing process. When in doubt, contact the program chairs.
Tutorial proposals, up to 2 pages and cover (a) the topic; (b) a summary of the tutorial format highlighting hands-on aspects and possibly pointers to relevant materials; (c) the expected audience and expected learning outcomes; (d) prior tutorials or talks on similar topics by the authors (and audience size), if any. The title of the submission should be prefixed with “Tutorial:”. Tutorial proposals do not need to be anonymized.
Accepted tutorials should aim to be either 90 minutes or 180 minutes long. We strongly encourage tutorials to have hands-on components and audience interactions. We do not recommend simply slide presentations. Accepted tutorials may have their two-page abstract appear in the conference’s formal ACM proceedings. Tutorials will occur on the first day of the conference (Tuesday, October 14). Note that if an accepted tutorial requires special materials or environments for the hands-on participation, we expect the authors to provide necessary preparation instructions for the attendees. At least one author of each accepted paper and tutorial must register for the conference and present the paper/tutorial. However, registration for tutorial presenters is free of charge.
We are devoted to seeking broad representation in the program, and may take this into account when reviewing multiple submissions from the same authors.
If you have any questions, please email us: secdev.conference@gmail.com.
Use of AI-based tools (e.g., ChatGPT, Copilot)
In addition to the ACM policy for using ChatGPT, inspired by PoPETs, SecDev prescribes the following guidelines for using AI-based tools.
For authors: Papers that use AI-based tools such as ChatGPT or Copilot for writing or writing assistance are required to disclose their use in the acknowledgment section as follows.
- If you verbatim include text generated by an AI-based tool, you are required to disclose what part of the text, along with the prompt and the AI tool used for it.
- If you include significantly paraphrased text that was initially generated by an AI-based tool, you are also required to disclose what part of the text, along with the prompt and the AI tool used for it.
- If you use AI-based tools to revise writing style (e.g., change the text to active voice) or fix typographical issues, then you should mention which sections were revised using what kind of instructions or prompts (e.g., “The authors used ChatGPT4 to revise the text in Section 4 to correct any typos, grammatical errors, and awkward phrasing”).
For reviewers: We expect reviewers will not use AI-based tools (e.g., ChatGPT, Copilot) to write or edit their reviews. Furthermore, the reviewers are prohibited from inputting or uploading the submitted articles or draft reviews that may contain details about the submitted articles to AI-based tools. At the time of review submission, reviewers are asked to self-certify that the review they are submitting is written by themselves and not generated or edited by AI-based tools.
Important Dates
Paper and tutorial submission deadline: Thursday, January 29, 2026- Paper and tutorial submission extended deadline: Thursday, February 5, 2026
- Author notification: Thursday, March 19, 2026
- Camera-ready deadline: Friday, March 27th, 2026
- Conference dates: July 5th, 2026 and July 6th, 2026
Important update on ACMs new open access publishing model for 2026 ACM Conferences!
Starting January 1, 2026, ACM will fully transition to Open Access. All ACM publications, including those from ACM-sponsored conferences, will be 100% Open Access. Authors will have two primary options for publishing Open Access articles with ACM: the ACM Open institutional model or by paying Article Processing Charges (APCs). With over 2,600 institutions already part of ACM Open, the majority of ACM-sponsored conference papers will not require APCs from authors or conferences (currently, around 76%).
Authors from institutions not participating in ACM Open will need to pay an APC to publish their papers, unless they qualify for a financial waiver. To find out whether an APC applies to your article, please consult the list of participating institutions in ACM Open and review the https://www.acm.org/publications/policies/policy-on-discretionary-open-access-apc-waivers. Keep in mind that waivers are rare and are granted based on specific criteria set by ACM.
Understanding that this change could present financial challenges, ACM has approved a temporary subsidy for 2026 to ease the transition and allow more time for institutions to join ACM Open. The subsidy will offer:
$250 APC for ACM/SIG members $350 for non-members
This represents a 65% discount, funded directly by ACM. Authors are encouraged to help advocate for their institutions to join ACM Open during this transition period.
This temporary subsidized pricing will apply to all conferences scheduled for 2026.