Secure Coding mailing list archives

Re: CFP: IEEE Security & Privacy issue on Software Static Analysis


From: "Chess, Brian" <chess () hp com>
Date: Fri, 8 Jul 2011 21:00:20 +0100

Let me add this: static analysis for both security and reliability is in the midst of a golden age.  There's 
significant interest from academia, vendors big and small, and for the first time ever, thousands of programmers and 
security professionals.  S&P is an excellent forum for talking about what's going on from any and all of those 
perspectives.  It doesn't move at the speed of twitter, so you can actually present a complete and coherent thought, 
but it's not nearly as stuffy as the IEEE Proceedings on Things That Happened a Decade Ago.

If you have an idea for a submission that you'd like to discuss, please feel free to get in touch with Chris or with 
me.  No need to wait for the August 15 deadline for abstracts.

Brian

From: sc-l-bounces () securecoding org [mailto:sc-l-bounces () securecoding org] On Behalf Of Chris Wysopal
Sent: Wednesday, July 06, 2011 2:03 PM
To: Secure Code Mailing List (SC-L () securecoding org)
Subject: [SC-L] CFP: IEEE Security & Privacy issue on Software Static Analysis

Call for Papers
IEEE Security & Privacy
Software Static Analysis
Abstract submissions due: 15 Aug. 2011
Final submissions due: 15 Sept. 2011
Publication date: May/June 2012
Secure and reliable software is hard to build, but the costs of failure are steep. Data breaches caused by attackers 
exploiting vulnerabilities in software made many headlines in 2011 and show no sign of abating. Sony, RSA Security, and 
PBS were compromised, their intellectual property stolen, and the privacy of their customers impacted; all due to 
vulnerabilities in software. Software reliability problems have led to bungled lotteries, medical device failures, the 
early release of convicted felons, and innumerable other problems.
The precise details of software failures are often scarce, but it's clear that the defects underlying many software 
problems could have been identified earlier using static analysis. As software platforms proliferate, from mobile 
devices to the cloud to embedded devices such as the smart grid, it will be even more difficult to get software right. 
Will static analysis be up for the challenge?
This special issue of IEEE Security & Privacy will address both static analysis technology and the challenges of using 
it during software development and acquisition. Is it possible to apply static analysis to the wide range of software 
assurance challenges that exist today? We solicit articles from:

 *   individuals building static analysis technology
 *   individuals integrating static analysis into software development methodologies and processes
 *   organizations implementing software security programs that used static analysis to manage software risk 
organization-wide
 *   government agencies and industry regulators who use static analysis to manage software risk
Potential submission topics include (but are not limited to):

 *   How can we build more useful static analysis technology: reducing analysis errors, improving scalability, or 
making static analysis easier to use?
 *   What are the benefits of integrating static analysis with other software development technologies or processes 
such as dynamic testing or threat modeling?
 *   Can static analysis results be integrated with other information sources such as network analysis, firewall logs, 
or intrusion detection?
 *   How can an organization scale static analysis across hundreds of software teams and projects?
 *   Using static analysis to understand the risk in software you didn't build.
 *   Using static analysis to find privacy problems.
 *   Can static analysis be used to help educate software developers?
 *   How do modern programming languages, frameworks, and trends impact the effectiveness of static analysis?
 *   Can static analysis be the basis for automatically repairing some kinds of vulnerabilities?
Submission Guidelines
Submissions will be subject to the IEEE Computer Society's peer-review process. Articles should be at most 6,000 words, 
with a maximum of 15 references, and should be understandable to a broad audience of people interested in security and 
privacy. The writing style should be down to earth, practical, and original. Authors should not assume that the 
audience will have specialized experience in a particular subfield. All accepted articles will be edited according to 
the IEEE Computer Society style guide. Submit your papers to ScholarOne at https://mc.manuscriptcentral.com/cs-ieee.
Questions?
Contact the Guest Editors: Brian Chess (chess () hp com) and Chris Wysopal (cwysopal () veracode com)


Chris Wysopal
CTO & Co-founder
Office: 781-418-3823/Cell: 617-501-3277/Fax: 781-425-6039
www.veracode.com




_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
