=Paper= {{Paper |id=Vol-1977/preface |storemode=property |title=None |pdfUrl=https://ceur-ws.org/Vol-1977/preface.pdf |volume=Vol-1977 }} ==None== https://ceur-ws.org/Vol-1977/preface.pdf
   Secure Software Engineering in DevOps and
               Agile Development

                Martin Gilje Jaatun and Daniela Soares Cruzes

                       SINTEF Digital, Trondheim, Norway

    Software security is about protecting information and ensuring that systems
continue to function correctly even when under malicious attack. The traditional
approach of securing a system has been to create defensive walls such as intrusion
detection systems and firewalls around it, but there are always cracks in these
walls, and thus such measures are no longer sufficient by themselves. We need
to be able to build better, more robust and more “inherently secure” systems,
and we should strive to achieve these qualities in all software systems, not just
in the ones that “obviously” need special protection.
    Software security reached prominence with the publication of Gary McGraw’s
book in 2006, but was of course not invented then. However, few software
development organizations other than those involved with creating security software
saw the need for paying much attention to software security, and thus the secure
software development frameworks available tended to be rather clunky and not
particularly suited to the emerging agile software development approaches. If
we accept the earlier stated premise that software security is necessary for all
software, there is clearly a need for software security methodologies that also
work with agile.
    This year the workshop was co-located with ESORICS 2017 in Oslo, Norway.
This year’s workshop focused on techniques, experiences and lessons learned for
engineering secure and dependable software using the DevOps paradigm, as well
as other forms of agile development.
    The program of the workshop was comprised of three different forms of
contributions. The Keynote speaker was Laurie Williams from NCSU, who presented
the Experiences with Continuous Deployment and Software Security in Google,
Netflix, Facebook and others. We have also included two presentations from
industry as a form of opening the communication between academia and practice:
Dr. Jostein Jensen presented the experiences from Kongsberg Digital on
industrial enterprise security and Per Kronström presented the experiences of Visma
Software with static analysis tools.
    Of course, a workshop would not be a success without the hard work of the
many researchers and practitioners who submitted their papers for review. This
year we received 11 submissions, from which we selected 6 for presentation at
the workshop and inclusion in these workshop proceedings.

  Copyright © 2017 by the paper’s authors. Copying permitted for private and academic
  purposes.
  In: M.G. Jaatun, D.S. Cruzes (eds.): Proceedings of the International Workshop
  on Secure Software Engineering in DevOps and Agile Development (SecSE 2017),
  published at http://ceur-ws.org

   We are grateful for the hard work performed by our Technical Program
Committee:
     – Sergey Bratus, Dartmouth College, USA
     – Achim Brucker, Sheffield University, UK
     – Estibaliz Delgado, Tecnalia, Spain
     – Zeta Dooly, TSSG, Ireland
     – Jörn Eichler, Fraunhofer Institute for Applied and Integrated Security (AISEC),
       Germany
     – Shamail Faily, Bournemouth University, UK
     – Michael Felderer, University of Innsbruck, Austria
     – Christophe Feltus, LIST, Luxembourg
     – Sami Hyrynsalmi, Tampere University of Technology, Finland
     – Ronald Jabangwe, Maersk Mc-Kinney Moller Institute, SDU Software
       Engineering, University of Southern Denmark
     – Khaled M. Khan, Qatar University, Qatar
     – Ville Leppänen, University of Turku, Finland
     – Federico Mancini, FFI, Norway
     – Per Håkon Meland, SINTEF Digital, Norway
     – Anh Nguyen Duc, NTNU, Norway
     – Tosin Daniel Oyetoyan, SINTEF, Norway
     – Riccardo Scandariato, KTH, Sweden
     – Hossain Shahriar, Kennesaw State University, USA
     – Emin Tatli, Medipol University, Turkey
     – Laurie Williams, NCSU, USA
     – George Yee, Carleton University, Canada
     – Mohammad Zulkernine, Queens University, Canada
   We would like to gratefully acknowledge the hard work of the organizing
committee. Finally, we would like to thank our sponsors, the Research Council
of Norway through the project SoS-Agile (NFR 247678).




       Martin Gilje Jaatun and Daniela Soares Cruzes, workshop program chairs.