SecDev 2026
Secure Development Conference
(https://conf.researchr.org/home/secdev-2026)
Montreal, Canada
Conference Dates
7/5/26 - 7/6/26
Submission Dates
Paper and Tutorial Submission: 1/29/26
Note: SecDev 2026 is co-located with FSE 2026. In-person attendance is
mandatory for all accepted papers and tutorials.
Call for Papers (Full Text)
SecDev is a venue for presenting ideas, research, and experience about
how to develop secure systems. It focuses on theory, techniques, and
tools to "build security in" to existing and new computing systems,
and does not focus on simply discovering the absence of security. This
year SecDev is co-located with FSE 2026.
The goal of SecDev is to encourage and disseminate ideas for secure
system development among academia, industry, and government. It aims
to bridge the gap between constructive security research and practice
and to enable the real-world impact of security research in the long
run.
Developers have valuable experiences and ideas that can inform
academic research, and researchers have concepts, studies, and even
code and tools that could benefit developers. Great SecDev
contributions could come from attendees of industrial conferences like
AppSec and RSA; from attendees of academic conferences like IEEE S&P,
IEEE CSF, USENIX Security, CCS, NDSS, PLDI, ICSE, FSE, ISSTA, SOUPS,
HOST, and others; and from newcomers.
Call For Research Papers and Tutorials
We solicit research and experience papers on a broad range of topics
relating to secure systems development. Examples of topics that are in
scope include: the development of libraries, tools, or processes to
produce systems resilient to certain attacks; formal foundations that
underpin a language, tool, or testing strategy to improve security;
techniques that drastically improve the scalability of security
solutions for practical deployment; and experience, designs, or
applications showing how to apply cryptographic techniques effectively
to secure systems. We also welcome papers on machine learning for
security automation in the software lifecycle, security assessment of
generative AI output, including automated code and configuration,
adversarial methods and defenses for generative code models (e.g.,
prompt injection, data poisoning), secure integration of generative AI
tools in development workflows (SecDevOps), and formal methods and
control of security policies for GenAI-generated artifacts.
SecDev also seeks hands-on and interactive tutorials on
security-focused processes, frameworks, languages, and tools. The goal
is to share knowledge on the experience, art, and science of secure
systems development.
We welcome submissions of Systematization of Knowledge (SoK) papers
that evaluate, organize, and contextualize existing
knowledge. Submissions must include the prefix "SoK: " in the title.
SecDev also has calls for other types of contributions, such as
posters and tool demos, and abstracts from practitioners. Information
on these solicitations are available on the SecDev website
https://conf.researchr.org/home/secdev-2026
Areas of Interest
Areas of interest include (but are not limited to):
Security/resiliency-focused system designs (HW/SW/architecture)
Tools and methodology for secure code development
Risk management and testing strategies to improve security
Security engineering processes, from requirements to maintenance
Security benchmarks and reproducibility studies
Comparative experimental evaluation
From research to practice - gaps and transitions
Programming languages, development tools, and ecosystems supporting security
Static program analysis for software security
Dynamic analysis and runtime approaches for software security
Automation of programming, deployment, and maintenance tasks for security
Software ecosystem and software supply chain security
Distributed systems design and implementation for security
Privacy by design
Developing secure multi-agent systems
AI/ML-based secure development
Human-centered design for systems security
Formal verification and other high-assurance methods for security
Code reviews, red teams, and other human-centered assurance
Mandatory In-Person Attendance
Note that SecDev is an in-person conference. Hence, for authors of all
accepted papers and tutorials, we expect them to register for, and
attend the conference in person. Thus, if you can foresee that this
will be problematic for you, please do not submit.
Mandatory article processing charges (APC)
Starting 2026, all articles published by ACM will be made Open
Access. This is greatly beneficial to the advancement of computer
science and leads to increased usage and citation of research. Most
authors will be covered by ACM OPEN agreements by that point and will
not have to pay Article Processing Charges (APC). Check if your
institution participates in ACM OPEN. Authors not covered by ACM OPEN
agreements may have to pay APC; however, ACM is offering several
automated and discretionary APC Waivers and Discounts. Further
information is available here:
https://libraries.acm.org/acmopen/article-types
Other Notes on submission:
Submissions must follow the latest policies from ACM ("ACM Policy on
Authorship", with associated FAQ), which includes a policy specific to
the use of generative AI tools and technologies, such as ChatGPT.
The official publication date is the date the proceedings are made
available in the ACM Digital Library. This date may be up to two weeks
prior to the first day of FSE 2026. The official publication date
affects the deadline for any patent filings related to published work.
Purchases of additional pages in the proceedings are not allowed.
Submission Details
Submission website: The website for submissions: https://secdev2026.hotcrp.com/
Latex Template: Submissions must use the two-column ACM Proceedings
style. It must follow the ACM formatting guidelines, see
http://www.acm.org/publications/proceedings-template for
details. Authors using LaTeX must use the provided acmart.cls and
ACM-Reference-Format.bst without modification, enable the conference
format in the preamble of the document
(i.e. \documentclass[sigconf,review]{acmart}), and use the ACM
reference format for the bibliography (i.e.,
\bibliographystyle{ACM-Reference-Format}).
Submissions must be one of three categories:
Long (up to 10 pages), or Short (up to 6 pages, may be shorter)
Research papers, excluding references and well-marked
appendices. These must be well-argued and worthy of publication and
citation, on the topics above. Research papers must present new work,
evidence, or ideas. SoK papers are allowed (title must contain the
"SoK:" prefix). Position papers with exceptional visions will also be
considered.
Long (up to 10 pages), or Short (up to 6 pages, may be shorter)
Experience papers, excluding references and well-marked
appendices. These submissions should be reporting experience on the
application of some tool(s) or methodology in a non-trivial
setting. Papers in this category must include a discussion on the
positive/negative results and the lessons learned.
Authors of accepted Research/Experience papers will present their work
at the conference (e.g., in a 30-minute slot) and their papers will
appear in the conference's formal ACM proceedings.
We will follow the ACM SIGSOFT rules on Conflicts of Interest and
Confidentiality of
Submissions. https://www.sigsoft.org/policies/pgmcommittee.html#con_int. To
improve the fairness of the reviewing process, SecDev will follow a
light-weight double-blind reviewing process. Submitted papers must (a)
omit any reference to the authors' names or the names of their
institutions, and (b) reference the authors' own related work in the
third person (e.g., not "We build on our previous work ...' but rather
"We build on the work of …"). Nothing should be done in the name of
anonymity that weakens the submission or makes the job of reviewing
the paper more difficult (e.g., important background references should
not be omitted or anonymized). Please see the double-blind FAQ for the
answers to many common concerns about SecDev's double-blind reviewing
process. When in doubt, contact the program chairs.
Tutorial proposals, up to 2 pages and cover (a) the topic; (b) a
summary of the tutorial format highlighting hands-on aspects and
possibly pointers to relevant materials; (c) the expected audience and
expected learning outcomes; (d) prior tutorials or talks on similar
topics by the authors (and audience size), if any. The title of the
submission should be prefixed with "Tutorial:". Tutorial proposals do
not need to be anonymized.
Accepted tutorials should aim to be either 90 minutes or 180 minutes
long. We strongly encourage tutorials to have hands-on components and
audience interactions. We do not recommend simply slide
presentations. Accepted tutorials may have their two-page abstract
appear in the conference's formal ACM proceedings. Tutorials will
occur on the first day of the conference (Tuesday, October 14). Note
that if an aqccepted tutorial requires special materials or
environments for the hands-on participation, we expect the authors to
provide necessary preparation instructions for the attendees. At least
one author of each accepted paper and tutorial must register for the
conference and present the paper/tutorial. However, registration for
tutorial presenters is free of charge.
We are devoted to seeking broad representation in the program, and may
take this into account when reviewing multiple submissions from the
same authors.
If you have any questions, please email us: secdev.conference@gmail.com.
Use of AI-based tools (e.g., ChatGPT, Copilot)
In addition to the ACM policy for using ChatGPT, inspired by PoPETs,
SecDev prescribes the following guidelines for using AI-based tools.
For authors: Papers that use AI-based tools such as ChatGPT or Copilot
for writing or writing assistance are required to disclose their use
in the acknowledgment section as follows.
If you verbatim include text generated by an AI-based tool, you
are required to disclose what part of the text, along with the
prompt and the AI tool used for it. If you include significantly
paraphrased text that was initially generated by an AI-based tool,
you are also required to disclose what part of the text, along
with the prompt and the AI tool used for it.
If you use AI-based tools to revise writing style (e.g., change
the text to active voice) or fix typographical issues, then you should
mention which sections were revised using what kind of instructions or
prompts (e.g., "The authors used ChatGPT4 to revise the text in
Section 4 to correct any typos, grammatical errors, and awkward
phrasing").
For reviewers: We expect reviewers will not use AI-based tools (e.g.,
ChatGPT, Copilot) to write or edit their reviews. Furthermore, the
reviewers are prohibited from inputting or uploading the submitted
articles or draft reviews that may contain details about the submitted
articles to AI-based tools. At the time of review submission,
reviewers are asked to self-certify that the review they are
submitting is written by themselves and not generated or edited by
AI-based tools.
Important Dates
Paper and tutorial submission deadline: Thursday, 1/29/26
Author notification: Thursday, 3/19/26
Camera-ready deadline: Friday, 3/27/26
Conference dates: 7/5/26 and 7/6/26