The 2nd International Workshop on Designing and Measuring Security in Software Architectures

(DeMeSSA)


@ECSA 2022, Monday 19 September 2022, Prague, Czech Republic

Program and Keynotes

Keynote title: Security by design: an opinionated tour

Abstract: “Security by design” has been around as a concept for many years now. In this talk, I will present an overview and personal impressions of research that has happened in this area during the past 15 years, and outline where I think we should be heading next.

Koen Yskout is a research manager in the DistriNet research group of KU Leuven in Belgium, where he leads the secure software engineering (security by design) research track. He obtained his PhD at KU Leuven in 2013 on the use of patterns to connect security requirements and software architecture. His research interests include processes, methodologies, models, patterns, and design notations for secure software engineering, as well as empirical evaluations of those.

Keynote title: Technical Leverage: Dependencies Are a Mixed Blessing.

Abstract: If modern software is a jungle of dependencies, how do we measure opportunities and risks of building your own software on somebody else's software assets? Borrowing a concept from the 2008 financial crisis, we propose technical leverage as a simple yet effective metric.

Fabio Massacci is a full professor at the Vrije University, Amsterdam. He has an MEng’92, a PhD’98 in Computer Engineering, and an MA’95 in International Relations. He has held visiting positions in Durham, Koblenz, Leuven, Marina del Rey, and Oslo. He has presented at top hackers’ venues (BlackHat USA, Asia), at top computer security conferences (ACM CCS, IEEE S&P), and in top empirical software engineering journals (ESEJ, IEEE TSE) and top risk analysis journals (Risk Analysis). For his work on security and trust in socio-technical systems he has received the Ten years Most Influential Paper Award by the IEEE Requirements Engineering. He has coordinated several European projects (including SECONOMICS, a multidisciplinary project with economists, sociologists and computer scientists on socio-economic aspects of security). He is the coordinator of the H2020 AssureMOSS project on open source security risk assessment and certification (“Written everywhere, Secured in Europe”).