The 5th International Workshop on Software Security Engineering

Co-located with the 29th International Conference on Evaluation and Assessment in Software Engineering (EASE 2025), Tue 17 - Fri 20 June 2025 Istanbul, Turkey.


Keynote: Generative AI in Software Engineering: Challenges and Opportunities
  Sajjad Mahmood, King Fahd University of Petroleum & Minerals, Saudi Arabia
   
  IoT-AI Security for Dynamic Data-driven Environments
  Ankita Sharma, Shalli Rani and Muhammad Azeem Akbar
   
  Towards the Machine Learning methods for recognizing the security gap patterns in the code - literature review
  Aneta Poniszewska-Maranda, Wojciech Krasnowski and Bozena Borowska
  Evaluating the Effectiveness of SAST Tools: A Comparative Study on Vulnerability Detection, Reporting, and Usability
  Rawan Alraddadi, Haifa Al-Shammare, Faten Al-Abdulwahhab, Mahmood Niazi and Mamoona Humayun
  Product Guardian Role and Socio-Technical Debt Management in Large-Scale Agile
  Pavithra Herath, Muhammad Ovais Ahmad and Tomas Gustavsson
  Coffee Break 
   
  The Role of Generative AI in Strengthening Secure Software Coding Practices: A Systematic Perspective
Hathal S. Alwageed and Rafiq Ahmad Khan
  Comparative Analysis of AI-Driven Security Approaches in DevSecOps: Challenges, Solutions, and Future Directions
  Farid Binbeshr and Muhammad Imam
   
Security Perspective of Open-Source Serverless Platforms: An Empirical Investigation
  Muhammad Hamza, Muhammad Azeem Akbar, Kari Smolander and Arif Khan
   
  A Systematic Literature Review on Static Application Security Testing (SAST) Tools: Evaluation, Benchmarks, Challenges, and Future Directions
  Doaa Dalaq, Kaniz Fatima Daya, Alaa Dalaq, Muhammed Nazmul Arefin and Mahmood Khan Niazi
   
  An Explainable AI-based Network Intrusion Detection System for Botnet Attacks
  Dorieh Alomari, Maryam Ahmed Alabdullatif and Fakhri Alam Khan
   


About the Workshop

Over the last decade, an increasing number of organizations have started focusing on software security because modern applications typically operate in a hostile network-based environment. Traditionally, organizations have tried to address security concerns by finding and fixing security vulnerabilities once the software development cycle is completed. A software needs to be secured against any unauthorized users, and this can be achieved by incorporating security mechanisms into different phases of the software development lifecycle. However, incorporating security practices and processes into different phases of the software development life cycle remains a challenge. Software security area is evolving due to different factors such as increasing failure rates of software projects, economic downturn, and software development without security in mind, globalization and outsourcing. The empirical software engineering researchers need new approaches, models, and tools for addressing various emerging challenges of software security in this modern age. There is a need for using empirical evidence to support different new approaches in the software security research and practice which will provide researchers with innovative knowledge on which to develop different software security processes and practices. This will also help in improving existing software security approaches and processes in order to effectively develop secure software. This workshop will bring together and advance the work that has been undertaken on software security. The outcome of this workshop will provide researchers and practitioners with a firm basis on which to develop different practices/ tools/ techniques that are based on an understanding of how and where they fit into secure software development and research. New practices/ tools/ techniques could then be developed targeting secure software engineering community.

Aim of the workshop

This workshop aims to provide a venue to discuss software security challenges, opportunities, and lessons learned under the umbrella of empirical software engineering and software evaluation. It will bring together researchers and practitioners from academia, industry, and governments to report empirical studies and discuss issues related to Software Security. This workshop will seek submissions reporting original, unpublished research on software security covering any aspect of Experimental, Empirical, and Evidence-Based Software Engineering, for example, quantitative and qualitative methods for empirical evaluation of software security techniques, processes, methods, tools, and best practices. This will be a one-day paper-based presentation workshop, accepting research and software industry papers on software security.

Call for Papers

This workshop aspires to provide an opportunity for the empirical software engineering researchers and practitioners to present the state of the art, state of the practice, and the future directions on the following topics of software security.

  • Systematic literature reviews and mapping studies on software security
  • Tertiary studies on software security
  • Empirically based decision making
  • Controlled experiments and quasi-experiments on software security
  • Case studies, surveys, observational studies, Delphi studies, and field studies on software security
  • Empirical studies on software security using qualitative, quantitative, and mixed methods
  • Evaluation of software security techniques, tools, and models
  • Secure software requirements
  • Secure software design
  • Secure software coding
  • Secure software testing
  • Secure software acceptance
  • Secure software deployment, operations, and maintenance
  • Secure software acquisition
  • Project management for secure software development
  • Software security in global projects
  • Best practices and lessons learned in secure software development projects
  • Secure software metrics
  • Insider threats

Paper Submission

Workshop proceedings will be integrated in the EASE 2025 conference companion proceedings. Submitted papers must be written in English, contain original unpublished work, and conform to the ACM proceedings format. Please submit manuscripts via EasyChair, and in pdf format: https://conf.researchr.org/home/ease-2025

Important Dates

Papers submission

March 23, 2025 (extended)

Notifications to authors

April 13, 2025

Camera-ready

April 26, 2025

Early registration

May 2, 2025

Workshop date

June 20, 2025

Workshop Program Committee

  • Asif Gill, University of Technology Sydney, Australia
  • Azeem Akbar, Lappeeranta-Lahti University of Technology, Finland
  • Arif Ali Khan, University of Oulu, Finland
  • Ali Ouni, ETS Montreal, University of Quebec, Montreal, Canada
  • Richard Lai, La Trobe University, Melbourne, Australia
  • Samuel Ajila, Carleton University, Ottawa, Canada
  • Sajid Anwer, Prince Sattam Bin Abdulaziz University, Saudi Arabia
  • Affan Yasin, Northwestern Polytechnical University, China
  • Eman Abdullah AlOmar, Stevens Institute of Technology, New Jersey, USA
  • Peng Liang, Wuhan University, China
  • Fangcha Tian, Henan University of Technology, China
  • Siffat Ullah Khan, Malakand University, Pakistan
  • Saqib Ali, Sultan Qaboos University, Oman
  • Mamoona Humayun, University of Roehampton, UK

Workshop Chairs

Sajjad Mahmood

Associate Professor of software engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his Ph.D. from La Trobe University, Melbourne, Australia. Prior to pursuing his Ph.D., he also worked as a software engineer in the United States and Australia. He is an active researcher in the field of software engineering and has published more than 80 articles in peer-reviewed journals and international conferences. He has worked as a principal and co-investigator in a number of research projects that investigate issues related to global software development and secure software development. His research interests include empirical software engineering, evidence-based software engineering, global software development, secure software development, and software process improvement in general.

Mohammad Alshayeb

Professor of software engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his MS and Ph.D. in Computer Science and certificate of Software Engineering from the University of Alabama in Huntsville in 2000, 2002, and 1999 respectively. Dr. Alshayeb worked as a senior researcher and Software Engineer and managed software projects in the United States and the Middle East. Dr. Alshayeb taught and coordinated industrial training courses. He provided consulting services to major industrial and educational institutes. Dr. Alshayeb is a member of the editorial board of several Software Engineering Journals. Dr. Alshayeb received a number of certificates of excellence and appreciation from many companies. Dr. Alshayeb received Khalifa award for education as "the distinguished University Professor in the Field of Teaching within the Arab World", in 2016. He also received the "Excellence in Teaching", "Excellence in Advising" and "Instructional Technology" awards from KFUPM. Dr. He is a certified project manager (PMP). Dr. Alshayeb's research interests include empirical studies in Software Engineering, secure software, software quality, and software measurement and metrics.

Mahmood Niazi

Professor of Software Engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals Saudi Arabia. He has received the MPhil degree from the University of Manchester, U.K., and the Ph.D. degree from the University of Technology Sydney, Australia. He has spent more than a decade with leading technology أ¯آ¬ظ¾rms and universities as a Process Analyst, a Senior Systems Analyst, a Project Manager, and a Professor. He has participated in and managed several software development projects. Dr. Niazi is an active researcher in the field of empirical software engineering. Dr. Niazi has published over 100 articles He is interested in developing sustainable processes in order to develop systems, which are reliable, secure, and fulfill customer needs. His research interests are evidence-based software engineering, requirements engineering, sustainable, reliable, and secure software engineering processes, global and distributed software engineering, software process improvement, and software engineering project management. Previously Dr. Niazi worked for Keele University UK, National ICT Australia, University of Technology Sydney Australia, University of Sydney Australia, and the University of Manchester UK.

CONTACT US

Sajjad Mahmood, Mohammad Alshayeb, Mahmood Niazi

smahmood@kfupm.edu.sa | alshayeb@kfupm.edu.sa | mkniazi@kfupm.edu.sa

  • Information and Computer Science Department, King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia
  • Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia