IEEE SecDev 2016: Prioritizing Secure Development

D eveloping software in 2016 is different than it was when IEEE Security & Privacy magazine was founded in 2003. Developers now need to know about the constantly evolving threat landscape, the challenging complexity of systems security, and the accelerating pace of software and system development. Computer attacks in 2003 were rare enough that the term computer worms had to be defined when reported and taxonomies needed to be developed.1,2 Today’s threats are from well-funded militaries and companies with expertise in attacking systems, applications, and data, and the attacks are more varied and common. Back in 2003, Microsoft and Apple released a major OS update roughly every two years, and it took another year or two for it to be installed on the majority of systems. Today, a significant new OS version comes out almost every year, and the ability to share data and services across platforms like smartphones and smart watches is becoming ubiquitous. It’s clear that developers, researchers, and practitioners need a venue to discuss design approaches and tools for building security in and significantly reducing the introduction of vulnerabilities. Great progress is being made in the academic security research community, but research results don’t transition to the engineering and development communities to the necessary extent and at the necessary speed. To address this critical need, the IEEE Cybersecurity Initiative is introducing a new event that aims to expand interactions and bridge the gap between cybersecurity research and development: the IEEE Cybersecurity Development Conference (IEEE SecDev). The inaugural IEEE SecDev 2016 Conference will be held on 3–4 November 2016 in Boston.