Traditionally, security in software has been thought to be something that can be easily added on as a patch, post-development, and sometimes even after the deployment of the software. According to the US-Computer Emergency Readiness Team (US-CERT), "most successful attacks result from targeting and exploiting known, non-patched software vulnerabilities and insecure software configurations, many of which are introduced during design and code." Hence, it is imperative that secure design, coding and testing principles as well as deployment and maintenance are thoroughly embedded in the software development lifecycle. At the same time, software security is very inter-disciplinary, as software is being developed for a variety of applications - web, Internet, database, single and distributed computer systems, etc..
In the above context, the Fourth International Conference on Software Security brings together researchers, faculty, students and industry professionals who are experts in different domains of computer and information security, but all leading to the design, development, deployment and maintenance of secure software. We invite papers that are both theoretical as well as practical in nature, from both academia and industry. Some of the topics of interest (but not limited to) are: