Overview
Continuous delivery without continuous assurance is a risk. Modern software is assembled from microservices, cloud platforms, and AI/ML components that evolve under tight release cadences and shifting regulatory expectations. COSEc 2025 aims to bring together researchers and practitioners to discuss and debate methods and tools for continuous software engineering and compliance. The workshop seeks concrete advances in (i) machine-checkable policy modelling and explainable verification, (ii) build-time analysis that reveals reliability and compliance risks early in development, (iii) run-time analytics for anomaly detection, incident forensics, and continuous auditing, and (iv) intelligent assistants (AIOps/LLM/RAG) that give developers and auditors situational awareness across code, configuration, data flows, and service dependencies. COSEc is open to all APSEC 2025 participants and complements, rather than duplicates, the main program by emphasizing practical integration into CI/CD pipelines and operational workflows.
Workshop Themes
COSEc 2025 examines continuous software engineering and continuous compliance at the intersection of software engineering, systems management, artificial intelligence, and control theory. The workshop builds on emerging R&D aiming to deliver coherent models, development tooling, and runtime platforms for cyber-physical and cloud-native systems that must remain dependable and auditable as they evolve.
The technical focus includes, but is not limited to, the following areas:
Specification and modeling, addressing formal and semi-formal representations that enable machine-checkable policies and traceable requirements;
Analysis techniques for detecting fault proneness and security vulnerabilities, including novel techniques that warn developers of code or system changes that are error-prone or introduce security risks;
DevOps processes and operational models, covering pipeline-integrated checks, shift-left practices, and governance of changes across services and data;
Data management and analytics, including lineage, quality, privacy, and policy-aware processing;
Infrastructure and event handling, spanning cloud-native orchestration, distributed eventing, and telemetry collection with assurances;
Run-time adaptivity and resilience, where feedback control, anomaly detection, and preventative maintenance guide autonomous adjustments; and
Security, trust, and traceability, emphasizing verifiable use of cryptography and secrets, access control, provenance, and auditability across code, configurations, and datasets.