THE 1st INTERNATIONAL IEEE WORKSHOP ON SECURITY IN SOFTWARE ENGINEERING

WORKSHOP ORGANIZERS

General Chairs

Michael Jiang, Ph.D., michael.jiang@motorola.com
Motorola Labs, Motorola Inc., Schaumburg, IL 60196, USA

Prof. Patrick McDaniel, mcdaniel@cse.psu.edu
Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA 16802, USA

Program Chairs

Dr. Jan Jurjens
The Open University, UK

Yan Liu, Ph.D., yanliu@motorola.com
Motorola Labs, Motorola Inc., Schaumburg, IL 60196, USA

WORKSHOP DURATION

This workshop is planned as a full-day event with three sessions. Most activities will involve paper presentations and generous time for discussions. If limited by space or time, the workshop can be condensed to two sessions.

WORKSHOP THEME

The ever-growing demand for software security has made it a well-recognized multi-disciplinary sub-area across software engineering, security engineering, and programming languages. Software security has thus become a fundamental problem in software engineering, as it mainly focuses on developing secure software, understanding the security risks, and managing these risks throughout the software lifecycle. Members of security boards and councils voice concern about software security in today's highly distributed software systems. The lack of comprehensive, cost-effective, systematic and adaptive engineering approaches to ensure software security and protect software systems poses major challenges to both industrial practitioners and scientists.

The workshop invites international scholars and industrial practitioners to discuss and present their work on different aspects of the processes, methods, theories, tools, techniques, and experience that have addressed security in software engineering practices and studies and made contributions to further assure/improve security in software systems and applications.
In this workshop, we will discuss the following non-exhaustive list of topics:

Management of Software Security in industrial practice
Security Requirements
Design for Security
Language-based Security
Malicious code prevention and code safety
Security Risk analysis
Security Taxonomy and Metrics
Security Testing
Application security: detection and protection

31st Annual International Computer and Applications Conference - COMPSAC 2007

EXPECTED ACHIEVEMENTS

The purpose of the workshop is to bring together researchers and practitioners in software and application security in order to create a forum for discussing recent advances in improving security in software engineering and inspiring research on new methods and techniques to advance security engineering in industrial practice. We also expect that through this workshop, researchers and practitioners will better understand the issues and challenges in software safety and security from a software engineering perspective.

WORKSHOP FORMAT

The workshop starts with an invited talk, introducing the topic and discussing issues and challenges of security in software engineering. Technical sessions with paper presentations and generous time for discussions will follow. The workshop will end with a (moderated) panel discussion on important issues for future trends in this area. Specific focus will be placed on how the traditional software requirements, design, implementation, test, and maintenance process needs to be adapted in order to address security.

PUBLICITY

As security has become a growing concern for both academia and industry, many researchers from academia and commercial labs have worked in this area. To participate in the workshop, interested scholars will be invited to submit an abstract of their paper. We will also advertise the workshop on various newsgroups in the appropriate research areas.

PROGRAM COMMITTEE

Jon A. Solworth, University of Illinois at Chicago, USA
Janos Sztipanovits, Vanderbilt University, USA
Kevin Butler, Pennsylvania State University, USA
Jon Giffin, Georgia Tech University, USA
Hervé DEBAR, France Telecom
Yuanyuan Zhou, University of Illinois at Urbana-Champaign, USA
Mike Burmester, Florida State University, USA
Yong Guan, Iowa State University, USA
Hossein Saiedian, University of Kansas, USA
Johann Schumann, NASA Ames Research Center, USA
Chuang Lin, Tsinghua University, China
Ninghui Li, Purdue University