Call for Papers/Talks

The SCORED workshop invites academia, industry, and governmental entities to submit original research papers or security-in-practice talks concerning the security of software supply chains from both technical and policy perspectives.

Suggested topics include, but are not limited to:

Important Dates

Submission Format

Submissions in SCORED ‘24 fall under two tracks: research papers (5-8 pages), and security-in-practice talks (800 words max):

Submissions accompanied by non-disclosure agreement forms will not be considered. Submissions not following the required format may be rejected without review.

Research Papers

For submissions, the main body of the paper should not exceed 8 pages, but additional pages for appendices and references are allowed. Research papers accepted for publication in the proceedings (i.e., camera-ready version) may not exceed a total of 11 pages, including references and appendices.

Submissions in the research paper track must be a PDF file in double-column ACM format (see, with a simpler version at Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format.

Accepted papers will be published by the ACM Press and/or the ACM Digital Library. A shepherd may be assigned to ensure the quality of the proceedings version of the paper. Each accepted submission must be presented at SCORED by a registered author.

Security-in-Practice (SiP) Talks

Submissions in the SiP talk track propose a 20-min one or two-speaker talk on a specific workshop topic. Submissions must include two parts: (1) an Abstract that provides a detailed and focused summary of the proposed talk (max 300 words), and (2) a “Relevance and Benefits to the Ecosystem” section that describes how the content of your presentation will help better the ecosystem or anything you wish to share with the program committee (max 500 words). Speakers may submit additional supplemental materials at the time of submission.

Accepted SiP talks must use the provided template to be included in the proceedings. The talk abstracts published in the proceedings must not exceed 2 pages, including any supplementary materials figures, tables and references.

Policy for Simultaneous Submissions

Authors of submitted research papers to SCORED are welcome to additionally submit a security-in-practice talk for presentation at the same SCORED workshop. Talk abstracts that are overly focused on the advertisement of a product or service, rather than interesting findings and insights gained from the use of a product or operation of a service in practice, are heavily discouraged.

Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions not meeting these guidelines risk immediate rejection.

Anonymous Submission

The review process will be double-blind. Papers and talk abstracts must be submitted in a form suitable for anonymous review: (1) The title page should not contain any author names or affiliations. (2) When referring to your previous work, do so in the third person, as though it were written by someone else. Only blind the reference itself in the (unusual) case that a third-person reference is infeasible. (3) Authors may include links to websites that contain source code, tools, or other supplemental material. Neither the link in the submission nor the website itself should contain the authors’ names or affiliations.

Papers or abstracts that are not properly anonymized may be rejected without review.

While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc. during the review process.

Conflicts of Interest

The program co-chairs require cooperation from both authors and program committee members to prevent submissions from being evaluated by reviewers who have a conflict of interest. During the submission process, we will ask authors to identify members of the program committee with whom they share a conflict of interest. This includes: (1) anyone who shares an institutional affiliation with an author at the time of submission, (2) anyone who was the advisor or advisee of an author at any time in the past, (3) anyone the author has collaborated or published within the prior two years, (4) anyone who is serving as the sponsor or administrator of a grant that funds your research, or (5) personal friendships. For other forms of conflict, authors must contact the chairs and explain the perceived conflict.

Responsible Vulnerability Disclosure

If the submission describes, or otherwise takes advantage of, newly identified vulnerabilities or attacks (e.g., software vulnerabilities in a given program or design weaknesses in a hardware system), the authors should disclose these vulnerabilities to the vendors/maintainers of affected software or hardware systems prior to the CFP deadline. When disclosure is necessary, authors are expected to include a statement within their submission and/or final paper about steps taken to fulfill the goal of responsible disclosure.

Human Subjects and Ethical Considerations

Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should: Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards (e.g., an IRB). Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect. If a paper raises significant ethical or legal concerns, including in its handling of personally identifiable information (PII) or other kinds of sensitive data, it might be rejected based on these concerns.

Submission Site

Submit your paper/SiP talk abstract: SCORED ‘24 HotCRP