From: David Wagner <>
Date: Tue, 26 Nov 2002 00:56:18 -0800 (PST)
Subject: [e-lang] Software security workshop

I thought the following workshop announcement might of interest to
folks here.  I will be there.  The agenda looks great. 

For fun, take a look at the list of sample topics for the Outrageous
Opinions session ( 
Here's a great chance to advocate for capabilities!

-- David 

We're busy organizing a workshop on software security (first we know of) and
hope that you can attend.  Here are some details and a URL.   Feel free to
contact me directly for more information (like the draft Agenda).  Hope to
see you there!

Gary McGraw, Ph.D. 
CTO, Cigital

DIMACS Workshop on Software Security 

Dates: January 6-7, 2003
Location: DIMACS Center, CoRE Building,  Rutgers University

  Gary McGraw, chair, Cigital, 
  Ed Felten, Princeton University, 
  Virgil Gligor, University of Maryland, 
  Dave Wagner, University of California at Berkeley, 

Invited Speakers:
  Brian Kernighan, Princeton University:  
        Coding Excellence: Security as a Side Effect of Good Software 
  Michael Howard, Microsoft: 
        The Microsoft Trustworthy Computing Initiative from the Inside
  Dan Geer, @STake:
        Software Security in the Big Picture: Repeating ourselves all over
WWW Information: 


The security of computer systems and networks has become increasingly
limited by the quality and security of the software running on these 
machines. Researchers have estimated that more than half of all
vulnerabilities are due to buffer overruns, an embarrassingly elementary
class of bugs. All too often systems are hacked by exploiting software bugs.
In short, a central and critical aspect of the security problem is a
software problem. How can we deal with this? 

The Software Security Workshop will explore these issues.  The scope of the
workshop will include security engineering, architecture and implementation
risks, security analysis, mobile and malicious code, education and training,
and open research issues.  In recent years many promising techniques have
arisen from connections between computer security, programming languages,
and software engineering, and one goal is to bring these communities closer
together and crystallize the subfield of software security.

Call for participation 


You are encouraged to submit short (3 pages or less) abstracts for
presentation at a poster session (in tandem with wine and cheese). 

You are also encouraged to submit  (one paragraph) ideas to be expounded
during an "Outrageous Opinions" session, meant to stir up controversy and



(pre-registration deadline 12/30/02)  

Regular rate  (1 day/2 days)
  $120/$240 on or before 12/30/02
  $140/$280 after 12/30/02
Academic/nonprofit rate*
  $60/$120 on or before 12/30/02 
  $70/$140 after 12/30/02
  $10/day on or before 12/30/02 
  $15/day after 12/30/02
Non-Local Graduate & Undergraduate students
  $5/day on or before 12/30/02 
  $10/day after 12/30/02

Registration fee to be collected on site, cash, check, VISA/Mastercard

Registration fees include participation in the workshop, all workshop
materials, breakfast, lunch, breaks and any scheduled social events  (if

Information on participation, financial support, registration,
accommodations, and travel can be found at: 

e-lang mailing list