The fourth International Workshop on Secure Software: Challenges, Opportunities and Lessons Learned.

Co-located with the 28th International Conference on Evaluation and Assessment in Software Engineering (EASE 2024), Tue 18 - Fri 21 June 2024, Salerno, Italy.

   
Accepted Papers [Workshop Date: June 21, 2024] - EASE Complete Program: https://conf.researchr.org/home/ease-2024

09:00-12:30

09:00-09:30 Keynote: Adaptive Security Architecture for Federated Data & Digital Ecosystems
  Asif Gill, University of Technology Sydney, Australia

09:30-09:45 An LLM-based Approach to Recover Traceability Links between Security Requirements and Goal Models
  Jameleddine Hassine

09:45-10:00 Securing Agile: Assessing the Impact of Security Activities on Agile Development
  Arpit Thool and Chris Brown

10:00-10:15 Software Vulnerability Prediction in Low-Resource Languages: An Empirical Study of CodeBERT and ChatGPT
  Triet Huynh Minh Le, Muhammad Ali Babar and Tung Hoang Thai

10:15-10:30 Study for Integrating IoT-IDS Datasets: Machine and Deep Learning for Secure IoT Network System
  Shalli Rani, Ankita Sharma and Muhammad Zohaib

10:30-11:00 Coffee Break

11:00-11:15 5G Secure Solution Development and Security Master Role
  Muhammad Ovais Ahmad

11:15-11:30 An Empirical Investigation of the Security Weaknesses in Open-Source Projects
  Haifa Al-Shammare, Nehal Al-Otaiby, Muradi Al-Otabi and Mohammad Alshayeb

11:30-11:45 Challenges in Developing Secure Software within Agile Environments
  Reem Alshareef, Esra'a Alshabeeb, Noor Alakkas and Mahmood Niazi

11:45-12:00 MLOps-Enabled Security Strategies for Next-Generation Operational Technologies
  Tazeem Ahmad, Mohd Adnan, Saima Rafi, Muhammad Azeem Akbar and Ayesha Anwar

12:00-12:15 The Security Culture Readiness Model (SCRM) for Saudi Universities: A Preliminary Structure
  Mona Albinali and Mahmood Niazi

12:15-12:30 Triaging Microservice Security Smells, with TriSS
  Francisco Ponce, Jacopo Soldani, Carla Taramasco, Hernan Astudillo and Antonio Brogi
   

About the Workshop

Over the last decade, an increasing number of organizations have started focusing on software security because modern applications typically operate in a hostile network-based environment. Traditionally, organizations have tried to address security concerns by finding and fixing security vulnerabilities once the software development cycle is completed. Software needs to be secured against unauthorized users, and this can be achieved by incorporating security mechanisms into the different phases of the software development life cycle. However, incorporating security practices and processes into those phases remains a challenge. The software security area is evolving due to factors such as increasing failure rates of software projects, economic downturn, software development without security in mind, globalization and outsourcing. Empirical software engineering researchers need new approaches, models, and tools to address the emerging challenges of software security. There is a need for empirical evidence to support new approaches in software security research and practice, which will give researchers the knowledge on which to develop software security processes and practices. This will also help improve existing software security approaches and processes in order to develop secure software effectively. This workshop will bring together and advance the work that has been undertaken on software security. The outcome of this workshop will provide researchers and practitioners with a firm basis on which to develop practices, tools and techniques that are based on an understanding of how and where they fit into secure software development and research. New practices, tools and techniques could then be developed targeting the secure software engineering community.

Aim of the workshop

The aim of this workshop is to provide a venue to discuss software security challenges, opportunities and lessons learned under the umbrella of empirical software engineering and software evaluation. This workshop will bring together researchers and practitioners from academia, industry and governments to report empirical studies and discuss the issues relating to software security. This workshop will seek submissions reporting original, unpublished research on software security covering any aspect of experimental, empirical and evidence-based software engineering, for example the use of quantitative and qualitative methods for empirical evaluation of software security techniques, processes, methods, tools and best practices. This will be a one-day workshop of paper-based presentations, which will accept research and software industry papers on the topic of software security.

Call for Papers

This workshop aspires to provide an opportunity for empirical software engineering researchers and practitioners to present the state of the art, the state of the practice, and future directions on the following topics of software security:

  • Systematic literature reviews and mapping studies on software security
  • Tertiary studies on software security
  • Empirically based decision-making
  • Controlled experiments and quasi-experiments
  • Case studies, surveys, observational studies, Delphi studies, field studies on software security
  • Empirical studies on software security using qualitative, quantitative, and mixed methods
  • Evaluation of software security techniques, tools and models
  • Secure software requirements
  • Secure software design
  • Secure software coding
  • Secure software acceptance
  • Secure software deployment, operations and maintenance
  • Secure software acquisition
  • Project management for secure software development
  • Best practices and lessons learned in secure software development projects
  • Software security in global projects
  • Secure software metrics

Paper Submission

The maximum page length for the workshop is 10 pages. Workshop proceedings will be integrated in the EASE 2024 conference companion proceedings. Submitted papers must be written in English, contain original unpublished work, and conform to the ACM proceedings format. Please submit manuscripts via EasyChair, in PDF format: https://conf.researchr.org/home/ease-2024

Important Dates

  • Papers submission: March 15, 2024 (Extended)
  • Notifications to authors: April 12, 2024
  • Camera-ready: April 26, 2024
  • Early registration: May 5, 2024
  • Workshop date: June 21, 2024

Workshop Program Committee

  • Richard Lai, La Trobe University, Melbourne, Australia
  • Ali Ouni, ETS Montreal, University of Quebec, Montreal, Canada
  • Asif Gill, University of Technology Sydney, Australia
  • Mohamed Wiem Mkaouer, Rochester Institute of Technology, Rochester, NY, USA
  • Samuel Ajila, Carleton University, Ottawa, Canada
  • Eman Abdullah AlOmar, Stevens Institute of Technology, New Jersey, USA
  • Affan Yasin, Northwestern Polytechnical University, China
  • Azeem Akbar, Lappeenranta-Lahti University of Technology, Finland
  • Siffat Ullah Khan, Malakand University, Pakistan
  • Saqib Ali, Sultan Qaboos University, Oman
  • Sajid Anwer, National University of Computer and Emerging Sciences, Pakistan

Workshop Chairs

Sajjad Mahmood

Associate Professor of software engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his Ph.D. from La Trobe University, Melbourne, Australia. Prior to pursuing his Ph.D., he also worked as a software engineer in the United States and Australia. He is an active researcher in the field of software engineering and has published more than 80 articles in peer-reviewed journals and international conferences. He has worked as a principal and co-investigator in a number of research projects that investigate issues related to global software development and secure software development. His research interests include empirical software engineering, evidence-based software engineering, global software development, secure software development, and software process improvement in general.

Mohammad Alshayeb

Professor of software engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his MS and Ph.D. in Computer Science and certificate of Software Engineering from the University of Alabama in Huntsville in 2000, 2002, and 1999 respectively. Dr. Alshayeb worked as a senior researcher and Software Engineer and managed software projects in the United States and the Middle East. Dr. Alshayeb taught and coordinated industrial training courses. He provided consulting services to major industrial and educational institutes. Dr. Alshayeb is a member of the editorial board of several Software Engineering Journals. Dr. Alshayeb received a number of certificates of excellence and appreciation from many companies. Dr. Alshayeb received the Khalifa Award for Education as "the distinguished University Professor in the Field of Teaching within the Arab World" in 2016. He also received the "Excellence in Teaching", "Excellence in Advising" and "Instructional Technology" awards from KFUPM. He is a certified project manager (PMP). Dr. Alshayeb's research interests include empirical studies in Software Engineering, secure software, software quality, and software measurement and metrics.

Mahmood Niazi

Professor of Software Engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received the MPhil degree from the University of Manchester, U.K., and the Ph.D. degree from the University of Technology Sydney, Australia. He has spent more than a decade with leading technology firms and universities as a Process Analyst, a Senior Systems Analyst, a Project Manager, and a Professor. He has participated in and managed several software development projects. Dr. Niazi is an active researcher in the field of empirical software engineering. Dr. Niazi has published over 100 articles. He is interested in developing sustainable processes in order to develop systems which are reliable, secure, and fulfill customer needs. His research interests are evidence-based software engineering, requirements engineering, sustainable, reliable, and secure software engineering processes, global and distributed software engineering, software process improvement, and software engineering project management. Previously Dr. Niazi worked for Keele University UK, National ICT Australia, University of Technology Sydney Australia, University of Sydney Australia, and the University of Manchester UK.

CONTACT US

Sajjad Mahmood, Mohammad Alshayeb, Mahmood Niazi

smahmood@kfupm.edu.sa | alshayeb@kfupm.edu.sa | mkniazi@kfupm.edu.sa

  • Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
  • Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia