In conjunction with the 28th International Conference on Software Engineering (ICSE 2006)
The issue of software security is increasingly relevant in a world where much of our lives depends directly on complex computer-based systems. Today the Internet connects and enables a growing list of critical activities from which people expect services and revenues. In other words, they trust these systems to provide data and processing with a degree of confidentiality, integrity, and availability compatible with their needs.
Historically, the software engineering community has strived more to obtain validity than trustworthiness. Nowadays, however, the ubiquity of software in critical infrastructures has raised the value of trustworthiness, and new efforts should be dedicated to achieving it. In particular, security concerns should be taken into account as early as possible, and not added to systems as an afterthought: this is extremely expensive and may compromise the design integrity in critical ways. Moreover, security features such as cryptographic protocols and tamper-resistant hardware cannot simply be used to "decorate" applications, transforming an insecure product into a secure one just by this addition. Surprisingly, several security holes are recurrent, notwithstanding the experience accumulated by security research in the last decades. Software engineers and practitioners should assimilate basic security techniques and integrate them into current practice, while understanding the associated costs and benefits.
At the same time, several well-known software engineering disciplines such as verification, testing, program analysis, process support, configuration management, requirements engineering, etc. could contribute to improving security solutions that sometimes lack a coherent methodological approach or, as in the case of security standards proposed by the Common Criteria or BS7799, are challenging to integrate with mainstream software engineering practice.
The SESS workshop aims to provide a venue for software engineers and security researchers to exchange ideas and techniques. The first edition was held in conjunction with ICSE 2005.
Areas of interest include, but are not limited to:
Workshop papers must be limited to 7 pages in the ICSE two-column format.