Call for Papers

The 1st edition of the Security Testing for Complex Software Systems (SECUTE) workshop aims to provide a forum for researchers and practitioners to present and discuss empirical research on security testing.
We expect that the workshop will help to:

  • Providing researchers with a comprehensive understanding of the current state of security testing practices.
  • Defining key terms, challenges, and opportunities in the field.
  • Analyzing case studies to understand the experience of software engineers working with security testing.
  • Encouraging participants to share their experiences and insights regarding challenges faced in dealing with security in real-world complex systems.
  • Developing a roadmap for future research directions on the matter.

Topics of interest

Topics of interest include, but are not limited to, the following:

  • Studies on the effectiveness of security testing in complex architectures and systems, e.g., AI-enabled, cyber-physical, IoT, and Virtual Reality systems.
  • Adoption of security testing in non-source artifacts, like Infrastructure-as-Code scripts.
  • Empirical studies on security testing methodologies.
  • Presentation of novel methods for soliciting the adoption of security testing during the development.
  • Presentation of novel automated tools for security testing.
  • Evolution and improvement of existing methods and techniques for security testing.
  • Assessment or re-evaluation of existing automated tools for security testing.
  • User studies to understand the experience of software engineers working with security testing.
  • Case studies on real-world contexts where security testing practices are adopted.
  • Lessons learned and challenges faced while dealing with security in real-world complex systems.

In line with the main conference call for papers, we welcome papers employing any of the following empirical methods in SE:

  • Action Research
  • Benchmarking
  • Case Study
  • Case Survey
  • Data Science
  • Engineering Research (aka design as research, design science)
  • Experiment with human participants
  • Grounded Theory
  • Longitudinal Study
  • Meta-science
  • Mixed Methods (also select methods that were mixed)
  • Optimization Studies
  • Qualitative Survey (i.e., interview study)
  • Quantitative Simulation
  • Questionnaire Survey (quantitative)
  • Repository Mining
  • Systematic Literature Review
  • Mixed methods and multi-methodology
  • Replication studies

SECUTE also welcomes studies with negative findings or nonsignificant results.

How to submit

All submissions must use the official ACM Primary Article Template. Formatting instructions are available for both LaTeX and Word users. LaTeX users must use the provided acmart.cls and ACM-Reference-Format.bst without modification, enable the conference format in the preamble of the document (i.e., \documentclass[sigconf,review]{acmart}), and use the ACM reference format for the bibliography (i.e., \bibliographystyle{ACM-Reference-Format}).

The authors have two options for submitting their papers:

  • Full research papers (max 10 pages) that describe empirical research (i.e., quantitative, qualitative, and mixed research) on security testing in complex systems and architectures. Negative results papers are welcome if they can support advices or lessons learned. Papers reporting replications of empirical studies are welcome as well.
  • Ongoing research papers (max 5 pages) that describe ongoing research on topics related to the workshop. The purpose of these papers is to communicate new ideas in the context of security testing in complex systems for which the authors want to obtain early feedback from the workshop community, especially on the evaluation and assessment strategies. An ongoing research paper must describe the idea and the proposed evaluation and assessment strategy, possibly (but not necessarily) with some preliminary results.

Authors must comply with the SIGSOFT Open Science Policy, (i.e., to archive data and artifacts in a permanent repository—e.g., Zenodo, not GitHub—to the extent ethically and practically possible, and include links in a Data Availability section in their manuscripts).

SECUTE 2024 employs a double-anonymous review process. Do not include author names or affiliations in submissions. All references to the author’s prior work should be in the third person. Any online supplements, replication packages, etc., referred to in the work should also be anonymized. Advice for sharing supplements anonymously can be found here.

By submitting to SECUTE 2024, authors agree to the ACM Policy and Procedures on Plagiarism, Misrepresentation, and Falsification. Papers submitted must not be published or under review elsewhere. The Program Chairs may use plagiarism detection software under contract to the ACM. If the research involves human participants/subjects, the authors must adhere to the ACM Publications Policy on Research Involving Human Participants and Subjects.

Please note that for each accepted paper, at least one author must register at SECUTE 2024 and present it. This is mandatory to get the paper published in the proceedings.

Link for the submission: https://easychair.org/conferences/?conf=secute2024

Evaluation Criteria

All papers will be subjected to a thorough peer review, focusing on originality, quality, soundness, and relevance, each reviewed by three program committee members. The review process will be following the same criteria of the main conference, namely:

  • Soundness: The extent to which the paper’s contributions and/or innovations address its research questions and are supported by rigorous application of appropriate research methods.
  • Significance: The extent to which the paper’s contributions can impact the field of software engineering and under which assumptions (if any).
  • Novelty: The extent to which the contributions are sufficiently original with respect to the state-of-the-art.
  • Verifiability and Transparency: The extent to which the paper includes sufficient information to understand how an innovation works; how data was obtained, analyzed, and interpreted; and how the paper supports independent verification or replication of the paper’s claimed contributions.
  • Presentation: The extent to which the paper’s quality of writing meets the high standards of EASE, including clear descriptions, adequate use of the English language, absence of major ambiguity, clearly readable figures and tables, and adherence to the formatting instructions provided above.

Special Issue

Authors of selected papers accepted at SECUTE 2024 will be invited to submit revised, extended versions of their manuscripts for a special issue of the Empirical Software Engineering (EMSE), edited by Springer.

You can find more details here: https://emsejournal.github.io/special_issues/2024_SI_SECUTE.html

Important dates

  • Paper submission: March 15th, 2024
  • Paper notification: April 12th, 2024
  • Early registration deadline: April 26th, 2024
  • Paper camera-ready: May 5th, 2024
  • Workshop: June 21st, 2024