Second International Workshop on Secure Software: Challenges, Opportunities, and Lessons Learned

Co-located with 25th International Conference on Evaluation and Assessment in Software Engineering (EASE 2022), 13-15 June 2022, Gothenburg, Sweden.

About the Workshop

Over the last decade, an increasing number of organizations have started focusing on software security because modern applications typically operate in a hostile network-based environment. Traditionally, organizations have tried to address security concerns by finding and fixing security vulnerabilities once the software development cycle is completed.A software needs to be secured against any unauthorized users, and this can be achieved by incorporating security mechanisms into different phases of the software development lifecycle. However, incorporating security practices and processes into different phases of the software development life cycle remains a challenge. Software security area is evolving due to different factors such as increasing failure rates of software projects, economic downturn, and software development without security in mind, globalization and outsourcing. The empirical software engineering researchers need new approaches, models, and tools for addressing various emerging challenges of software security in this modern age. There is a need for using empirical evidence to support different new approaches in the software security research and practice which will provide researchers with innovative knowledge on which to develop different software security processes and practices. This will also help in improving existing software security approaches and processes in order to effectively develop secure software. This workshop will bring together and advance the work that has been undertaken on software security. The outcome of this workshop will provide researchers and practitioners with a firm basis on which to develop different practices/ tools/ techniques that are based on an understanding of how and where they fit into secure software development and research. New practices/ tools/ techniques could then be developed targeting secure software engineering community.

Aim of the workshop

The aim of this workshop is to provide a venue to discuss software security challenges, opportunities and lessons learned under the umbrella of empirical software engineering and software evaluation. This workshop will bring together researchers and practitioners from academia, industry and governments to report empirical studies and discuss the issues relating to software security. This workshop will seek submissions reporting original, unpublished research on software security covering any aspect of experimental, empirical and evidence-based software engineering, for example the use of quantitative and qualitative methods for empirical evaluation of software security techniques, processes, methods, tools and best practices. This will be a one-day paper-based presentations workshop, which will accept research and software industry papers on the topic of software security.

Call for Papers

This workshop aspires to provide an opportunity for the empirical software engineering researchers and practitioners to present the state of the art, state of the practice, and the future directions on the following topics of software security.

  • Systematic literature reviews and mapping studies on software security
  • Tertiary studies on software security
  • Empirically based decision making
  • Controlled experiments and quasi-experiments
  • Case studies, surveys, observational studies, Delphi studies, field studies on software security
  • Empirical studies on software security using qualitative, quantitative, and mixed methods
  • Evaluation of software security techniques, tools and models
  • Secure software requirements
  • Secure software design
  • Secure software coding
  • Secure software testing
  • Secure software acceptance
  • Secure software deployment, operations and maintenance
  • Secure software acquisition
  • Project management for secure software development
  • Software security in global projects
  • Secure software metrics
  • Best practices and lessons learned in secure software development projects

Paper Submission

The maximum page length for the workshop is 6 pages. Workshop proceedings will be integrated in the EASE 2022 conference companion proceedings. Submitted papers must be written in English, contain original unpublished work, and conform to the ACM proceedings format ( Please submit manuscripts via EasyChair, and in pdf format:

Important Dates

Papers submission

February 28, 2022

Notifications to authors

March 28, 2022


April 25, 2022

Workshop Program Committee

  • Asif Gill, University of Technology Sydney, Australia
  • Muhammad Usman, Blekinge Institute of Technology, Sweden
  • Azeem Akbar, Lappeeranta-Lahti University of Technology, Finland
  • Siffat Ullah Khan, Malakand University, Pakistan
  • Saqib Ali, Sultan Qaboos University, Oman
  • Samuel Ajila, Carleton University, Ottawa, Canada
  • Richard Lai, La Trobe University, Australia
  • Sajid Anwer, Griffith University, Australia

Workshop Chairs

Sajjad Mahmood

Associate Professor of software engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his PhD from La Trobe University, Melbourne, Australia. Prior to pursing his PhD, he also worked as a software engineer in United States and Australia. He is an active researcher in the field of software engineering and has published more than 80 articles in peer reviewed journals and international conferences. He has worked as principal and co-investigators in a number of research projects that investigate issues related to global software development and secure software development. His research interests include empirical software engineering, evidence-based software engineering, global software development, secure software development and software process improvement in general.

Mohammad Alshayeb

Professor at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals, Saudi Arabia. He received his MS and PhD in Computer Science and certificate of Software Engineering from the University of Alabama in Huntsville in 2000, 2002 and 1999 respectively. Dr. Alshayeb worked as a senior researcher and Software Engineer and managed software projects in the United States and the Middle East. Dr. Alshayeb taught and coordinated industrial training courses. He provided consulting services to major industrial and educational institutes. Dr. Alshayeb is a member in the editorial board of the Software Engineering Journal, Journal of Software, Journal of Information Technology & Software Engineering and the Arabian Journal of Science and Engineering. Dr. Alshayeb received a number of certificates of excellence and appreciation from many companies. Dr. Alshayeb received Khalifa award for education as "the distinguished University Professor in the Field of Teaching within Arab World", 2016. He also received the "Excellence in Teaching", the "Excellence in Advising" award and the "Instructional Technology" awards from KFUPM. Dr. Alshayeb is a member of a number of professional associations. He is a certified project manager (PMP). Dr. Alshayeb’s research interests include empirical studies in Software Engineering, software refactoring, software quality, software measurement and metrics and object-oriented design.

Mahmood Niazi

Professor of Software Engineering at the Information and Computer Science Department, King Fahd University of Petroleum and Minerals Saudi Arabia. He has received the MPhil degree from the University of Manchester, U.K., and the Ph.D. degree from the University of Technology Sydney, Australia. He has spent more than a decade with leading technology firms and universities as a Process Analyst, a Senior Systems Analyst, a Project Manager, and a Professor. He has participated in and managed several software development projects. Dr. Niazi is an active researcher in the field of empirical software engineering. Dr. Niazi has published over 100 articles He is interested in developing sustainable processes in order to develop systems, which are reliable, secure, and fulfil customer needs. His research interests are evidence-based software engineering, requirements engineering, sustainable, reliable and secure software engineering processes, global and distributed software engineering, software process improvement, and software engineering project management. Previously Dr. Niazi worked for Keele University UK, National ICT Australia, University of Technology Sydney Australia, University of Sydney Australia and University of Manchester UK.


Sajjad Mahmood, Mohammad Alshayeb, Mahmood Niazi

  • Information and Computer Science Department, King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia
  • Interdisciplinary Research Center for Intelligent Secure Systems, King Fahd University of Petroleum and Minerals Dhahran, Saudi Arabia