SSE 2017

3rd International Workshop on Secure Software Engineering

to be held in conjunction with the 12th International Conference on Availability, Reliability and Security
(ARES 2017 – http://www.ares-conference.eu )

August 29 – September 1, 2017, Reggio Calabria, Italy

Organizations are required often to produce secure software. They apply a software development and operation processes that integrate activities such as threat modeling, security code analysis, and security code review. The goal of the workshop is to bring together security and software development researchers and practitioners to share their finding, experiences, and positions about developing secure software. The workshop aims to encourage the use of scientific methods to investigate the challenges related to developing secure software. It aims also to increase the communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software.

TOPICS OF INTEREST COMPRISE BUT ARE NOT LIMITED TO:

IMPORTANT DATES

WORKSHOP CHAIRS

Juha Röning
University of Oulu
juha[.]roning[at]oulu.fi

Lotfi ben Othmane
Iowa State University, USA
othmanel[at]iastate.edu

PROGRAM COMMITTEE

Benjamin Aziz, University of Portsmouth, UK
Achim Brucker, University of Sheffield, UK
Bengt Carlsson, Uppsala University, Sweden
Martin Jaatun, SINTEF ICT, Norway
Joern Eichler, Fraunhofer AISEC, Germany
Khaled Khan, Qatar University, Qatar
Lotfi ben Othmane, Iowa State University, USA
Juha Röning, University of Oulu, Finland
Gerald Quirchmayr, University of Vienna, Austria
Antti Vähä-Sipilä, F-Secure, Finland
Edgar Weippl, SBA Research, Austria

SUBMISSION

The submission guidelines valid for the SSE workshop are the same as for the ARES conference. They can be found >>here<<.

Authors of selected papers that are accepted by and presented at the workshop will be invited to submit an extended version to special issues of international journals.

invited speaker

Shannon Lietz, DevSecOps Lead, Intuit

Illuminating Cloud Security with DevSecOps

Abstract : Cloud Security is not yet well-defined and the path can be treacherous with adversaries that have become accustomed to it using their auto-pawn infrastructure to quickly capture targets.  Developing a good set of controls and defenses can be difficult with larger workloads and sensitive data.  Using continuous security methods, such as those integral to DevSecOps, has proven to be the best method for staying ahead of the bad guys.  This talk will provide abuse cases and cover the symbiotic relationship of Cloud Security and DevSecOps.

Shannon is an award winning innovator with over two decades of experience pursuing advanced security defenses and next generation security solutions. Ms. Lietz is currently the DevSecOps Leader for Intuit where she is responsible for setting and driving the company’s cloud security strategy, roadmap and implementation in support of corporate innovation. She operates a 24×7 DevSecOps team that includes Red and Blue Team operations. Previous to joining Intuit, Ms. Lietz worked for ServiceNow where she was responsible for the cloud security engineering efforts. Prior to this, Ms. Lietz worked for Sony where she drove the implementation of a new secure data center and led crisis management for a large-scale security breach. She has founded a metrics company, led major initiatives for hosting organizations as a Master Security Architect, developed security software and consulted for many Fortune 500 organizations.