International Symposium on Engineering Secure Software and Systems 
February 04-06, 2009
Leuven, Belgium

In-Cooperation with ACM SIGSAC and SIGSOFT

Trustworthy, secure software is a core ingredient of the modern world. 
Unfortunately, the Internet is too. Hostile, networked environments, 
like the Internet, can allow vulnerabilities in software to be 
exploited from anywhere. To address this, high-quality security 
building blocks (e.g., cryptographic components) are necessary, but 
insufficient. Indeed, the construction of secure software is 
challenging because of the complexity of modern applications, the 
growing sophistication of security requirements, the multitude of 
available software technologies and the progress of attack vectors. 
Clearly, a strong need exists for engineering techniques that scale 
well and that demonstrably improve the software's security properties.

The goal of this symposium, which will be the first in a series of 
events, is to bring together researchers and practitioners to advance 
the states of the art and practice in secure software engineering. 
Being one of the few conference-level events dedicated to this topic, 
it explicitly aims to bridge the software engineering and security 
engineering communities, and promote cross-fertilization. The symposium 
will feature two days of technical program as well as one day of 
tutorials. The technical program includes an experience track for which 
the submission of highly informative case studies describing 
(un)successful secure software project experiences and lessons learned 
is explicitly encouraged.

The Symposium seeks submissions on subjects related to its goals. This 
includes a diversity of topics including (but not limited to):
-	scalable techniques for threat modeling and analysis of 
-	specification and management of security requirements and policies 
-	security architecture and design for software and systems 
-	model checking for security 
-	specification formalisms for security artifacts 
-	verification techniques for security properties 
-	systematic support for security best practices 
-	security testing 
-	security assurance cases
-	programming paradigms, models and DLS's for security 
-	program rewriting techniques 
-	processes for the development of secure software and systems 
-	security-oriented software reconfiguration and evolution 
-	security measurement 
-	automated development 
-	trade-off between security and other non-functional requirements 
-	support for assurance, certification and accreditation 

The proceedings of the symposium will be published by Springer-Verlag in 
the Lecture Notes in Computer Science Series 
( Submitted papers must present original, 
non-published work of high quality. Submissions should follow the 
formatting instructions of the Springer LNCS Style, and should include 
maximally 15 pages for research papers and 10 pages for industrial 
papers (figures and appendices included). Proposals for tutorials are 
highly welcome as well. Further guidelines will appear on the website 
of the symposium. 

Abstract submission: September 8, 2008
Paper submission: September 15, 2008
Author notification: November 5, 2008
Camera-ready: November 24, 2008
Tutorial submission: October 24, 2008
Tutorial notification: November 21, 2008

Jorge Cuellar (Siemens AG)
Wouter Joosen (Katholieke Universiteit Leuven)
Fabio Massacci (Universita' di Trento)
Gary McGraw (Cigital)
Bashar Nuseibeh (The Open University)
Samuel Redwine (James Madison University)

General chair: Bart De Win (Katholieke Universiteit Leuven)
Program co-chairs: Fabio Massacci (Università di Trento) and Samuel 
Redwine (James Madison University)
Publication chair: Nicola Zannone (University of Toronto)
Tutorial chair: Riccardo Scandariato (Katholieke Universiteit Leuven)

Matt Bishop (University of California (Davis), USA)
Brian Chess (Fortify Software, USA)
Richard Clayton (Cambridge University, UK)
Christian Collberg (University of Arizona, USA)
Bart De Win (Katholieke Universiteit Leuven, BE)
Juergen Doser (ETH, CH)
Eduardo Fernandez-Medina (University of Castilla-La Mancha, ES)
Dieter Gollmann (University of Hamburg, DE)
Michael Howard (Microsoft, USA)
Cynthia Irvine (Naval Postgradual School, USA)
Jan Jurjens (Open University, UK)
Volkmar Lotz (SAP Labs, FR)
Antonio Mana (University of Malaga, ES)
Robert Martin (MITRE, USA)
Fabio Massacci (Università di Trento, IT)
Mira Mezini (Darmstadt University, DE)
Mattia Monga (Milan University, IT)
Andy Ozment (DoD, USA)
Gunther Pernul (Universitat Regensburg, DE)
Domenico Presenza (Engineering, IT)
Samuel Redwine (James Madison University, USA)
Riccardo Scandariato (Katholieke Universiteit Leuven, BE)
Ketil Stolen (Sintef, NO)
Eric Vetillard (Trusted Logic, FR)
Jon Whittle (Lancaster University, UK)
Mohammad Zulkernine (Queens University, AU)