Security Forum Hagenberg 2015

sf_logoI will be talking about the philosophy in engineering or the human factor in the development of secure software at the Security Forum in Hagenberg im Mühlkreis, Austria on 22nd of April.

My talk will concentrate on the absence of a holistic, systemic approach in the current software development as a result of taking the scientific approach of “divide and conquer” a bit too far and applying it where it should not be.

It may seem at first that philosophy has nothing to do with software development or with security but that is not so. We, the human beings, operate on a particular philosophical basis, the basis of thinking, whether implied or explicit. Our technologies are fine, what needs change is the human that applies and develops technologies. And the change starts in the mind, with the philosophy that we apply to our understanding of the world.

Workshop on Agile Development of Secure Software (ASSD’15)

Call for Papers:

First International Workshop on Agile Development of Secure Software (ASSD’15)

ARES7_2in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES’15) August 24-28, 2015, Université Paul Sabatier, Toulouse, France

Submission Deadline: April 15, 2015

Workshop website:


Most organizations use the agile software development methods, such as Scrum and XP for developing their software. Unfortunately, the agile software development methods are not well suited for the development of secure systems; they allow change of requirements, prefer frequent deliveries, use lightweight documentation, and their practices do not include security engineering activities. These characteristics limit their use for developing secure software. For instance, they do not consider conflicting security requirements that emerge in different iterations.

The goal of the workshop is to bring together security and software development researchers to share their finding, experiences, and positions about developing secure software using the agile methods. The workshop aims to encourage the use of scientific methods to investigate the challenges related to the use of the agile approach to develop secure software. It aims also to increase the communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software using the agile methods.

 Topics of interest

The list of topics that are relevant to the ASSD workshop includes the following, but is not limited to:

  • Challenges for agile development of secure software
  • Processes for agile development of secure software
  • Incremental development of cyber-physical systems
  • Secure software development training and education
  • Tools supporting incremental secure software development
  • Usability of agile secure software development
  • Security awareness for software developers
  • Security metrics for agile development
  • Security and robustness testing in agile development

 Important dates

Submission Deadline:     April 15, 2015

Author Notification:        May 11, 2015

Proceedings version:      June 8, 2015

Conference:                       August 24-28, 2015