Call for Papers

The workshop addresses software engineering issues related to ensuring secure software through cross-cutting “security awareness”. Topics include (but are not limited to):

  • Flexible, lean and lightweight approaches to support security and to develop large-scale security -intensive software
  • Conflict between flexibility in modern systems and security
  • Security in new, emerging and maturing domains with potentially large problem and design spaces
  • “Soft” aspects of security, e.g, human behavior, psychological aspects, social engineering
  • Adaptive security and situational awareness
  • Data analytic and forensics for security
  • Impact of technology advances on implementing security, e.g., new implementation technologies, cloud computing, micro-services, serverless architectures
  • “Build-in” security, e.g., in programming languages
  • Mechanisms to model and handle security across different life cycle stages, from inception to operation
  • DevOps for developing, deploying and maintaining security-intensive systems
  • Design solutions to enable secure systems
  • Reference models/architectures/frameworks to ensure security across life cycle stages
  • Practices for requirements engineering, architecting, design, implementation, testing and maintenance of security-intensive systems
  • Traceability between security needs and how they are implemented
  • Methods for quality assurance, process and product metrics for security-intensive systems
  • Validation and verification of security, including prototyping to test and validate security
  • Assessment techniques and metrics for compliance of architecture, design, code, etc. with security needs
  • Training and tools, e.g., tools and techniques for stimulating “security thinking” during coding activities


We invite submissions in the following categories:

Position and vision papers (2-4 pages):

On-going research, new challenges and emerging trends; novel solutions and inspiring, new ideas; directions for future research.

Reference problem papers (2-4 pages):

Descriptions or examples of problems in real-life settings that pose fundamental or characteristic challenges.

Full papers (6-8 pages):

Innovative and original research, empirical studies, systematic literature studies, etc.

Industry and experience papers (Up to 8 pages):

Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Education and training papers (up to 8 pages):

Experiences, approaches and tools for teaching topics in academic courses or industrial training (e.g., lesson plans, assignments).

Artifact papers (2 pages):

cSecurity-related architectures, designs, code, etc. to build a corpus for research and education. Papers must include link to actual artifacts.

Workshop format

Sessions will be organized around themes, which will be determined by the program board following the review process. The first session will feature “one minute madness”– “one slide” talks from workshop participants (voluntary and independent of submitted papers) to share their initial thoughts on the topic. The idea is that all registered workshop participants can prepare one slide and present it in one minute to the workshop audience. Furthermore, the first session will include a keynote presentation around the original vision for a shared, community-wide infrastructure for empirical research in the software architecture area.

Formatting and Submission Guidelines

All papers must conform, at time of submission, to the ACM Formatting Guidelines. Please visit the Formatting and Submission Guidelines page for paper requirements.

Accepted Contributions

All authors of accepted papers will be asked to complete an electronic IEEE Copyright form and will receive further instructions for preparing their camera ready versions.

Accepted papers will be published as an ICSE 2018 Workshop Proceedings in the ACM Digital Library and IEEE Digital Library.