Call for papers: 2nd Workshop on DevSecOps Research and Opportunities
(DevSecOpsRO 2024) (in conjunction with EuroS&P 2024, Vienna, Austria)

We are happy to announce the 2nd Workshop on DevSecOps Research and
Opportunities (DevSecOpsRO 2024) that will be held in conjunction with
EuroS&P 2024 as a pre-conference workshop on July 12, 2024.

The security implications of attacks on the software supply chain are
now well known. Indeed, attacks such as the SolarWinds hack showed the
world that security cannot be treated as an add-on feature in software
development and distribution.

The need for this integration, and the design of suitable methodologies to
make agile software development secure, are gaining ground in the security
community. In this context, we often refer to DevSecOps or SecDevOps when
discussing security integration in agile software production. Despite the
recently proposed models for secure development (e.g., SLSA and CSA CMM),
there currently exists no comprehensive framework that guarantees the
security and resiliency of the Software Development Lifecycle (SDLC). The
heterogeneity of solutions adopted by different vendors and the rapid
advancement of developing technologies further complicate the creation and
adoption of a common security framework. Furthermore, they create novel
attack surfaces that malicious users could exploit. Thus, it is fundamental
to uncover these novel threats before they can actually affect an SDLC.

With this workshop, we aim to attract novel contributions to the security
of the software supply chain to foster the creation of more conscious,
robust, resilient, and advanced methodologies to either expose novel
threats or propose advanced countermeasures to existing threats. We invite
academics, industry professionals, and enthusiasts to contribute their
research, experiences, and insights into the challenges and advancements in
DevSecOps.

Topics of interest include but are not limited to:

   -   Methodological approaches to agile secure software development
   -   Security testing integration in the software supply chain
   -   Static and dynamic software bill of materials
   -   Secure software development via cloud testing
   -   Secrets management along the software supply chain
   -   Novel attacks on the software supply chain
   -   Machine learning approaches to speed up security testing
   -   Maturity models for secure software development
   -   Adaptations of DevSecOps to different fields
   -   Integration of incident and response team operations
   -   Tracking and handling updates along the software supply chains
   -   AI support for secure software development
   -   Automated vulnerability detection
   -   Fuzzing methodologies for the software supply chain
   -   Automated approaches in detecting software vulnerabilities
   -   Automated application of software patches
   -   Strategies for meeting regulatory compliance and addressing security
       challenges in DevSecOps

Paper submission deadline: Mar. 15, 2024
Notification of acceptance: Apr. 30, 2024
Final papers: May 15, 2024

For additional information on paper format and submission guidelines,
please visit the DevSecOpsRO website at
https://spritz.math.unipd.it/events/2024/devSecOpsRO/CFP.html

Looking forward to seeing you at EuroS&P 2023!

The program chairs

Alessandro Brighente, University of Padua
Mauro Conti, University of Padua
Constantinos Patsakis, University of Piraeus
Agusti Solanas, Rovira i Virgili University, & APWG.EU Spain
Qiang Tang, Luxembourg Institute of Science and Technology