Call for Papers

The 2nd International Workshop on Software Security Testing (SECUTE) aims to provide a forum for researchers and practitioners to present and discuss empirical research on security testing for software systems.

Workshop Scope

The workshop aims to:

  • Present novel techniques for creating, managing, and evolving security test cases.
  • Evaluate and benchmark existing security testing techniques and approaches.
  • Defining key terms, challenges, and opportunities in the field.
  • Provide researchers with a comprehensive understanding of the current state of security testing practices.
  • Analyzing case studies to understand the experience of software engineers performing security testing activities.
  • Encouraging participants to share their experiences and insights regarding challenges faced in dealing with security in real-world software systems.
  • Developing a roadmap for future research directions on the matter.

In line with the scope of the main conference, ASE 2026, SECUTE expects papers to employ the typical research methods as reported in the SIGSOFT Empirical Standards. SECUTE welcomes studies with negative findings or nonsignificant results, as well as preliminary ideas.

Topics of Interest

SECUTE has the following topics of interest:

  • Automated generation of security test cases.
  • Maintenance of security test cases.
  • Dynamic vulnerability reproduction and exploitation.
  • Empirical studies on the evolution of security test cases.
  • Benchmarking security testing approaches.
  • Creation and curation of datasets of security test cases (and related data).
  • The oracle problem in security test cases.
  • Documentation, summarization, and comprehension of security test cases.
  • Creation and curation of guidelines for security testing.
  • Integration of security test cases in CI/CD.
  • Security testing for third-party vulnerabilities and software supply chain security.
  • Security testing for non-source artifacts, e.g., Infrastructure-as-Code scripts.
  • Empirical studies on the effectiveness/benefits of security testing in real-world software systems.
  • User studies to understand the experience of software engineers performing security testing.
  • Case studies on real-world contexts where security testing is performed.
  • Lessons learned and challenges connected to security testing.
  • and other topics concerning software security testing.

Submission Categories

SECUTE accepts the following paper types:

  • Full research papers (max 8 pages including references) that present empirical research on topics related to the workshop. Negative results papers are welcome if they can support advice or lessons learned. Papers reporting replications of empirical studies are also welcome.
  • Ongoing research papers (max 5 pages including references) that describe ongoing research on topics related to the workshop. The purpose is mostly to communicate new ideas and obtain early feedback from the workshop community. An ongoing research paper must describe the idea and the proposed evaluation and assessment strategy, possibly (but not necessarily) with some preliminary results.
  • Tool and data papers (max 5 pages including references) that present usable tools and datasets on topics related to the workshop.

Review Criteria

Each paper will undergo a thorough double anonymous peer-review process involving three program committee members.

The paper will be evaluated according to the following criteria:

  • Significance: The extent to which the paper's contributions can impact the field of software engineering, and under which assumptions (if any).
  • Soundness: The extent to which the paper's contributions and/or innovations address its research questions and are supported by rigorous application of appropriate research methods.
  • Novelty: The extent to which the contributions are sufficiently original with respect to the state-of-the-art.
  • Verifiability and Transparency: The extent to which the paper includes sufficient information to understand how an innovation works; how data was obtained, analyzed, and interpreted; and how the paper supports independent verification or replication of the paper's claimed contributions.
  • Presentation: The extent to which the paper's quality meets the academic writing standards, including clear descriptions, adequate use of the English language, absence of major ambiguity, clearly readable figures and tables, and adherence to the formatting instructions provided above.

The other submission requirements follow the same as those of the main conference ASE 2026.

All papers must include a Data Availability Statement placed after the last section (typically the Conclusion) of the paper submitted, within the page limit, declaring where artifacts (reproduction package, appendices, etc.) can be found. During the peer-review period, the artifacts should be stored in publicly accessible, anonymized repositories so reviewers can inspect them. At this stage, there is no need to reserve a DOI. After acceptance, the artifacts must have a DOI, and the link must be updated. To increase the paper's verifiability and transparency, it is recommended to provide all data and scripts used in the research. However, if some data cannot be released, there must be a clear justification.

SECUTE 2026 follows the same submission policy as the main conference ASE 2026. Namely, the papers submitted to SECUTE 2026 must not have been published elsewhere and must not be under review or submitted for review elsewhere when being considered for SECUTE 2026. Authors should be aware of the ACM Policy and Procedures on Plagiarism and the IEEE Plagiarism FAQ. To check for double submission and plagiarism issues, the chairs reserve the right to (1) share the list of submissions with the PC Chairs of other conferences with overlapping review periods and (2) use external plagiarism detection software, under contract to the ACM or IEEE, to detect violations of these policies. Contravention of the submission policy will be deemed a serious breach of scientific ethics, and appropriate action will be taken in all such cases.

How to Submit

All submissions must use the official ACM Primary Article Template. Formatting instructions are available for both LaTeX and Word users.

LaTeX users must use the provided acmart.cls and ACM-Reference-Format.bst without modification, enable the conference format in the preamble of the document (i.e., \documentclass[sigconf,review,anonymous]{acmart}), and use the ACM reference format for the bibliography (i.e., \bibliographystyle{ACM-Reference-Format}).

Link for the submission (on HotCRP): Coming soon.

Important Dates

  • Paper submission: July 17th, 2026
  • Paper notification: August 23rd, 2026
  • Camera ready deadline: September 1st, 2026
  • Workshop: 2026