Call for Papers

The SCORED workshop invites academia, industry, and governmental entities to submit original research papers and demos (hands-on or videos) concerning the security of software supply chains from both technical and policy perspectives.

Suggested topics include, but are not limited to:

Important Dates

Submission Format

Submissions include research papers (5-8 pages), position papers (2-5 pages) and demo abstracts (2-3 pages):

For submission, paper page limits do not include appendices and references. Final versions of papers may not exceed a total of 8 or 11 pages for position papers or research papers, respectively. Submitted abstracts can be up to 2 pages including references. Submissions accompanied by non-disclosure agreement forms will not be considered.

Submissions (including abstracts) must be a PDF file in double-column ACM format (see, with a simpler version at Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format.

Submissions not following the required format may be rejected without review.

Accepted papers and abstracts will be published by the ACM Press and/or the ACM Digital Library. A shepherd may be assigned to ensure the quality of the proceedings version of the submission. Each accepted submission must be presented at SCORED by a registered author.

Policy for Simultaneous Submissions

Authors of submitted research papers to SCORED are welcome to additionally submit a demo abstract for presentation at the same SCORED workshop. Demo abstracts that are overly focused on the advertisement of a product or service, rather than interesting findings and insights gained from the use of a product or operation of a service, are heavily discouraged.

Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions not meeting these guidelines risk immediate rejection.

Anonymous Submission

The review process will be double-blind. Papers and abstracts must be submitted in a form suitable for anonymous review: (1) The title page should not contain any author names or affiliations. (2) When referring to your previous work, do so in the third person, as though it were written by someone else. Only blind the reference itself in the (unusual) case that a third-person reference is infeasible. (3) Authors may include links to websites that contain source code, tools, or other supplemental material. Neither the link in the submission nor the website itself should contain the authors’ names or affiliations.

Papers or abstracts that are not properly anonymized may be rejected without review.

While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc. during the review process.

Conflicts of Interest

The program co-chairs require cooperation from both authors and program committee members to prevent submissions from being evaluated by reviewers who have a conflict of interest. During the submission process, we will ask authors to identify members of the program committee with whom they share a conflict of interest. This includes: (1) anyone who shares an institutional affiliation with an author at the time of submission, (2) anyone who was the advisor or advisee of an author at any time in the past, (3) anyone the author has collaborated or published within the prior two years, (4) anyone who is serving as the sponsor or administrator of a grant that funds your research, or (5) close personal friendships. For other forms of conflict, authors must contact the chairs and explain the perceived conflict.

Responsible Vulnerability Disclosure

If the submission describes, or otherwise takes advantage of, newly identified vulnerabilities or attacks (e.g., software vulnerabilities in a given program or design weaknesses in a hardware system), the authors should disclose these vulnerabilities to the vendors/maintainers of affected software or hardware systems prior to the CFP deadline. When disclosure is necessary, authors are expected to include a statement within their submission and/or final paper about steps taken to fulfill the goal of responsible disclosure.

Human Subjects and Ethical Considerations

Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

If a paper raises significant ethical or legal concerns, including in its handling of personally identifiable information (PII) or other kinds of sensitive data, it might be rejected based on these concerns.

Submission Site

Submit your paper or demo abstract here: