First International Workshop on Secure Software Engineering (SecSE 2007) In conjunction with ARES 2007 http://www.ares-conference.eu/conf/ Call for Papers http://tinyurl.com/jbkra In our modern society, software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and so the threat scenario changes. The traditional approach to secure a system includes putting up defence mechanisms like IDS and firewalls, but this is no longer sufficient. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This workshop will focus on techniques, experiences and lessons learned for engineering secure software. Suggested topics include, but are not limited to: - Secure architecture and design - Security in agile software development - Security requirements - Risk management in software projects - Secure implementation - Secure deployment - Testing for security - Static analysis for security - Lessons learned - Security and usability - Teaching secure software development - Experience reports on successfully attuning developers to secure software engineering Important dates: - Submission Deadline: December, 17th 2006 - Author Notification: January, 14th 2007 - Author Registration: January, 21st 2007 - Proceedings Version: January, 21st 2007 - Conference/workshop: April 10-13th Submission Guidelines Authors are invited to submit research and application papers in IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 fonts, and number each page). You can confirm the IEEE Computer Society Proceedings Author Guidelines at the following web page: URL: http://www.computer.org/portal/pages/ieeecs/publications/author/index.html or http://www.tinmith.net/tabletop2006/IEEE/Format/instruct.htm We solicit the submission of full papers (8 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition. Duplicate submissions are not allowed. A submission is considered to be a duplicate submission if it is submitted to other conferences/workshops/journals or if it has been already accepted to be published in other conferences/workshops/journals. Duplicate submissions thus will be automatically rejected without reviews. Contact author must provide the following information: paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords and register at our ARES website: http://www.ares-conference.eu/conf/ (or http://tinyurl.com/pg4f3) Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the conference. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Note that SecSE 2007 does not require anonymized submissions. Publication All accepted papers will be published as ISBN proceedings published by IEEE Computer Society. Organizing committee: Torbjørn Skramstad, Norwegian University of Science and technology (NTNU) Lillian Røstad, Norwegian University of Science and technology (NTNU) Martin Gilje Jaatun, SINTEF ICT, Norway Enquiries to the organizing committee may be sent to: SecSE@idi.ntnu.no Program committee: Yngve Espelid, University of Bergen, Norway Ivan Flechais, University of Oxford, UK Christopher Krügel, Technische Universität Wien, Austria Hanno Langweg, Gjøvik University College, Norway Per Håkon Meland, SINTEF ICT, Norway Leon Moonen, Delft University of Technology, Netherlands Khalid Mughal, University of Bergen, Norway Lars-Helge Netland, University of Bergen, Norway Samuel Redwine, James Madison University, USA Chunming Rong, University of Stavanger, Norway Lillian Røstad, Norwegian University of Science and technology (NTNU) Christoph Schuba, Lindköpings University, Sweden Nahid Shahmehri, Lindköpings University, Sweden Torbjørn Skramstad, Norwegian University of Science and technology (NTNU) Stephen Wolthusen, Royal Holloway University of London, UK