[CFP] ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED '22)

[will-ww]

在 OpenSSF 的 Slack 上看到的 CFP 信息：

• https://scored.dev/call_for_papers/

Call for Papers The SCORED workshop invites academia, industry, and governmental entities to submit original research papers and demos (hands-on or videos) concerning the security of software supply chains from both technical and policy perspectives.

Suggested topics include, but are not limited to:

• Attacks on the software supply chain
• Securing source control
• Trustworthy builds
• Reproducible builds
• Secure CI/CD
• Code signing
• Integrity for container images
• Package management security
• Code dependency tracking and patch propagation
• Software updates
• Developer identity management
• Code vulnerability tracking and disclosure as well as vulnerable code-clone detection
• Static analysis
• Hardware-assisted software supply chain integrity
• Software bills of materials (SBOMs)
• Specification of supply chain security policies
• Tools for securing the SW supply chain
• Interfacing the hardware and software supply chains
• Surveys or Systemization of Knowledge (SoK) of the SW supply chain security landscape
• Public policy around SW supply chain security
• SW supply chain security best practices
• Standards
• Domain-specific software supply chains (voting, finance etc)
• Security economics
• Human behavioral and measurement studies, e.g. on the adoption of best practices
• Software engineering education
• Policy declaration and enforcement for control plane
• Computer-aided vulnerability patching
• Computer-aided language translation, e.g. C2Rust

Important Dates

• Paper/demo abstract submission deadline: July 29, 2022 (5pm AoE)
• Author notification: September 9, 2022
• Camera ready due: September 30, 2022 (hard deadline)
• Workshop: TBA

Submission Requirements and Policies Submissions include research papers (at least 5 pages long, 8 pages maximum) or 2-page demo abstracts:

• Research papers include a) Original research on a SW supply chain security topic, b) Systematization of Knowledge (SoK) of SW supply chain security;
• 2-page demo abstracts present interesting findings on SW supply chain security in practice, which will be accompanied by a hands-on presentation during the workshop.

Submitted papers can be up to 8 pages long, not including appendices and references. Final versions of the papers may not exceed 11 pages. Submitted abstracts can be up to 2 pages including references.