Call for Papers

DevSecOpsRA accepts regular papers (up to 8 pages), short papers (up to 5 pages), and position papers (up to 2 pages). Lenghts include bibliography and well marked appendices.

Full papers will be published in the proceedings of EuroS&P. Position and short papers will not be included in the proceedings. Extended versions of selected papers will be invited to special issues of peer-reviewed journals.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply at this link. Please do not use other IEEE templates.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Important dates

  • Paper submission deadline: March 31, 2023
  • Notification of acceptance: April 30, 2023
  • Final papers: May 15, 2023

Papers must be submitted through the EasyChair system.

Scope and topics
Security should not be treated as an add-on to software products; rather, it should be deeply integrated within the whole Software Development Life-Cycle (SDLC). The need for this integration and the design of suitable methodologies to make agile software development secure are paving their way in the security community. In this context, we often refer to DevSecOps or SecDevOps when discussing security integration in agile software production. Recently, players such as NIST, Google, OWASP, and the Cloud Security Alliance proposed their frameworks for secure software development. However, this provides only an initial step towards tackling the challenges related to the security of the many and iterated steps of SDLC.

Machine learning and AI can play a crucial role in DevSecOps as they can be used to analyse large amounts of data, including network traffic and system logs, to identify potential security threats, monitor system behaviour and identify anomalies that may indicate a security breach. By using machine learning in DevSecOps, organisations can more effectively detect and respond to security threats and improve their overall security posture. Moreover, they can be used in an automated way to interweave security in existing DevOps pipelines.

With this workshop, we aim to attract novel contributions to the secure SDLC to foster the creation of more conscious, robust, resilient, and advanced methodologies to prevent security issues at the different stages of the development pipeline. Topics of interest include but are not limited to:

  • Methodological approaches to agile secure software development
  • Security testing integration in the software supply chain
  • Static and dynamic software bill of materials
  • Secure software development via cloud testing
  • Security as a service
  • Machine learning approaches to speed up security testing
  • Maturity models for secure software development
  • Declinations of DevSecOps in different fields
  • Integration of incident and response team operations
  • Artificial intelligence for software security analysis
  • Tracking and handling updates along the software supply chains
  • AI support to Secure Software Development
  • Automated vulnerability detection
  • AI & ML in fuzzing

Organizers