Software vulnerabilities can cause tremendous operational and financial damage to individuals and
organisations in the event of cyber attacks. For example, the recent Log4j vulnerability
can make millions of systems worldwide open to cyber attacks and potentially cause
billions of dollars of damage. Software Vulnerability Management (SVM) is a critical
process during software development to ensure software security and prevent these
dangerous cyber attacks. SVM typically contains various phases such as detection,
assessment, prioritisation, fixing/patching and reporting/disclosure. In the last 10
years, there has been an unprecedented rise in the size and complexity of software
systems. For instance, the codebase of Google services contains more than two billion
lines of code. This in turn requires new technologies, tools, and practices for SVM to
ensure the security of such systems.
The International Workshop on Software Vulnerability Management
(SVM) is a venue that aims to bring together academics, industry and government
practitioners to present and discuss the state-of-the-art and state-of-the-practice of
SVM to support both current and emerging software technologies and infrastructures.
The International Workshop on Software Vulnerability
Management (SVM) invites academia, industry, and governmental entities to submit
original research papers and demos (hands-on or videos) concerning the advances and
practices of software vulnerability management from both technical and
socio-technical perspectives.
The suggested topics include, but are not limited to:
The SVM workshop welcomes two types of submissions:
We adopt the ICSE 2023 paper submission guidelines for the SVM workshop. Specifically, submissions must conform to the IEEE conference proceedings template, specified in the IEEE Conference Proceedings Formatting Guidelines (title in 24pt font and full text in 10pt type; LaTeX users must use \documentclass[10pt,conference]{IEEEtran} without including the compsoc or compsocconf options).
When submitting to the workshop, authors acknowledge that they conform to the authorship policy of the ACM, and the authorship policy of the IEEE.
Authors are strongly encouraged to share the artifacts (e.g., data, code, and models) in the submissions, whenever possible, as per the Open Science Policy of ICSE 2023.
The submissions need to be made to HotCRP at https://svmconf2023.hotcrp.com/.
As per the ICSE 2023 guidelines, papers and abstracts submitted for review must be anonymous: (1) Authors' names and affiliations must be omitted; (2) All references to the authors' previous work must be made in the third person, as though it were written by someone else; (3) When referring to or including a website (e.g., GitHub) that contains source code, tools, or other supplemental materials, the link in the submission and the website itself must not contain the authors' names and/or affiliations; (4) Avoid using the submission title when sharing/discussing the submission publicly during the review process; (5) Avoid mentioning that the paper/preprint uploaded to a public repository (e.g., arXiv) is under submission to the workshop. Each paper will then be anonymously reviewed by at least three experts who do not have a conflict of interest with the author(s). Papers or abstracts that are not properly anonymized may be desk rejected without review.
We take conflicts of interest seriously during paper review. Both authors and program committee members are encouraged to cooperate to prevent submissions from being evaluated by reviewers who have a conflict of interest with any of the authors. The authors and reviewers can refer to the ACM Conflict of Interest Policy for identifying a conflict of interest.
If the research involves human participants/subjects, the
authors must adhere to the ACM Publications Policy on Research Involving Human
Participants and Subjects. Upon submitting, authors will declare their compliance with
this policy.
If the submission describes, or otherwise takes advantage of,
newly discovered software vulnerabilities or cyber attacks, the authors should
disclose these vulnerabilities to the vendors/maintainers of affected systems prior
to the submission deadline. When disclosure is necessary, authors are expected to
include a statement within their submission and/or final paper about steps taken to
fulfill the goal of responsible disclosure.