posted by user: abrighen || 157 views || tracked by 1 users: [display]

DevSecOpsRO 2024 : 2nd Workshop on DevSecOps Research and Opportunities (DevSecOpsRO) (in conjunction with EuroS&P 2024)

FacebookTwitterLinkedInGoogle

Link: https://spritz.math.unipd.it/events/2024/devSecOpsRO/CFP.html
 
When Jul 12, 2024 - Jul 12, 2024
Where Vienna, Austria
Submission Deadline Mar 15, 2024
Notification Due Apr 30, 2024
Final Version Due May 15, 2024
Categories    security & privacy   software   agile development   devsecops
 

Call For Papers

The security implications of attacks to the software supply chain are nowadays well-known. Indeed, attacks such as the SolarWinds hack showed the world that security cannot be treated as an add-on feature in software development and distribution. The need for this integration and the design of suitable methodologies to make agile software development secure are paving their way in the security community. In this context, we often refer to DevSecOps or SecDevOps when discussing security integration in agile software production. Despite the recently proposed models for secure development (e.g., SLSA and CSA CMM), there currently exists no comprehensive framework that guarantees the security and resiliency of the Software Development Lifecycle (SDLC). The heterogeneity of solutions adopted by different vendors and the rapid advancement of developing technologies further complicate the creation and adoption of a common security framework. Furthermore, they create novel attack surfaces that malicious users could exploit. Thus, it is fundamental to uncover these novel threats before they can actually affect an SDLC. With this workshop, we aim to attract novel contributions to the security of the software supply chain to foster the creation of more conscious, robust, resilient, and advanced methodologies to either expose novel threats or propose advanced countermeasures to existing threats. We invite academics, industry professionals, and enthusiasts to contribute their research, experiences, and insights into the challenges and advancements in DevSecOps.

Topics of interest include but are not limited to:

- Methodological approaches to agile secure software development
- Security testing integration in the software supply chain
- Static and dynamic software bill of materials
- Secure software development via cloud testing
- Secrets management along the software supply chain
- Novel attacks on the software supply chain
- Machine learning approaches to speed up security testing
- Maturity models for secure software development
- Declinations of DevSecOps in different fields
- Integration of incident and response team operations
- Tracking and handling updates along the software supply chains
- AI support to Secure Software Development
- Automated vulnerability detection
- Fuzzing methodologies for the software supply chain
- Automated approaches in detecting software vulnerabilities
- Automated application of software patches
- Strategies for meeting regulatory compliance and addressing security challenges in DevSecOps.


DevSecOpsRA accepts regular papers (up to 8 pages), short papers (up to 5 pages), and position papers (up to 2 pages). Lengths include bibliography and well-marked appendices.

Full papers will be published in the proceedings of EuroS&P. Position and short papers will not be included in the proceedings. Extended versions of selected papers will be invited to special issues of peer-reviewed journals.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply at this link (the link will be available soon). Please do not use other IEEE templates.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Important dates

Paper submission deadline: Mar. 15, 2024
Notification of acceptance: Apr. 30, 2024
Final papers: May 15, 2023

Related Resources

AIFU 2024   10th International Conference on Artificial Intelligence and Applications
CPAIOR 2024   International Conference on the Integration of Constraint Programming, Artificial Intelligence, and Operations Research
SOFT 2024   10th International Conference on Software Engineering
CIA 2024   2nd Workshop on Cyber Intelligence and Applications - In conjunction with the 24th International Conference on Computational Science and its Applications (ICCSA 2024)
IJAIT 2024   International Journal of Advanced Information Technology
ICAIR 2024   4th International Conference on AI Research (formally the European Conference on the Impact of Artificial Intelligence and Robotics)
SEA 2024   13th International Conference on Software Engineering and Applications
International Conference on Health 2024   Fourteenth International Conference on Health, Wellness & Society- Health, Wellness, and Society Research Network and Malmö University, Malmö, Sweden
IWSPA 2024   The 10th ACM International Workshop on Security and Privacy Analytics
IEEE ICC'24 NextG-WiSec 2024   IEEE NextG-WiSec: The Ninth IEEE Workshop on NextG (6G and beyond) Wireless Security in conjunction with IEEE ICC 2024, 9–13 June 2024 - Denver, CO, USA