We are holding our yearly security conference in Darmstadt on the 22nd of March – that’s next week – together with our partners from Fraunhofer SIT and CAST. This time, the focus subject will be DevOps and cloud technologies, including both operations and development preparation for the security in the cloud. The speakers are prepared to talk about a range of things from threat modeling and management down to massive tests, so I expect it will be rather interesting. We will also have a couple of presentations from companies talking about how they do things in their own cloud software in practice, so it will not be all theory either.
The conference is as usual mixed in German and English, we may ask the presenters to speak English only when we have people who do not speak German in the audience, so let us know on site. All details of the conference are here: https://www.cast-forum.de/workshops/programm/244
Come over to Darmstadt, join our conference, you will be very welcome!
We are organizing the workshop on “Secure Software Development” now for the third year in a row. As usual, the workshop is in Darmstadt and the logistics is cared for by the CAST e.V. The date for the workshop is 12 November.
This year most presentations seem to be in German, so probably it does not make much sense for non-German speaking people. But if you speak German, we have some rather interesting subjects like our experiences with vulnerability management, research into sociotechnical basis of development security and problems with developing the mobile payment infrastructure security.
The workshop is a great place for discussions and meeting various people working on security in software development. Please, come and join us on 12 November!
Call for Papers:
First International Workshop on Agile Development of Secure Software (ASSD’15)
in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES’15) August 24-28, 2015, Université Paul Sabatier, Toulouse, France
Submission Deadline: April 15, 2015
Most organizations use the agile software development methods, such as Scrum and XP for developing their software. Unfortunately, the agile software development methods are not well suited for the development of secure systems; they allow change of requirements, prefer frequent deliveries, use lightweight documentation, and their practices do not include security engineering activities. These characteristics limit their use for developing secure software. For instance, they do not consider conflicting security requirements that emerge in different iterations.
The goal of the workshop is to bring together security and software development researchers to share their finding, experiences, and positions about developing secure software using the agile methods. The workshop aims to encourage the use of scientific methods to investigate the challenges related to the use of the agile approach to develop secure software. It aims also to increase the communication between security researchers and software development researchers to enable the development of techniques and best practices for developing secure software using the agile methods.
Topics of interest
The list of topics that are relevant to the ASSD workshop includes the following, but is not limited to:
- Challenges for agile development of secure software
- Processes for agile development of secure software
- Incremental development of cyber-physical systems
- Secure software development training and education
- Tools supporting incremental secure software development
- Usability of agile secure software development
- Security awareness for software developers
- Security metrics for agile development
- Security and robustness testing in agile development
Submission Deadline: April 15, 2015
Author Notification: May 11, 2015
Proceedings version: June 8, 2015
Conference: August 24-28, 2015