| Monday, 5 December |
| 07:30–08:30 | Breakfast |
| 08:30–12:00 | M1: Keeping Your Web Apps Secure: The OWASP Top 10 & Beyond |
| | M3: Code Transformation Techniques for Software Protection |
| | Layered Assurance Workshop (LAW) |
| | TF1: Tracer Fire: Hands on Computer Forensics in Depth - Part 1 |
| 12:00–13:30 | Lunch |
| 13:30–17:00 | M2: State of the Practice: Botnets and Related Malware |
| | M3: Code Transformation Techniques for Software Protection |
| | Layered Assurance Workshop (LAW) |
| | TF1: Tracer Fire: Hands on Computer Forensics in Depth - Part 1 |
| |
| Tuesday, 6 December |
| 07:30–08:30 | Breakfast |
| 08:30–12:00 | T5: Virtualization and Security |
| | T8: The Bro Network Intrusion Detection System |
| | Layered Assurance Workshop (LAW) |
| | GTIP: Workshop on Governance of Technology, Information, and Policies |
| | TF2: Tracer Fire: Hands on Computer Forensics in Depth - Part 2 |
| 12:00–13:30 | Lunch |
| 13:30–17:00 | T6: Security Risk Analysis of Enterprise Networks: Techniques and Challenges |
| | T8: The Bro Network Intrusion Detection System |
| | Layered Assurance Workshop (LAW) |
| | GTIP: Workshop on Governance of Technology, Information, and Policies |
| | TF2: Tracer Fire: Hands on Computer Forensics in Depth - Part 2 |
| 18:00–20:00 | Reception |
| |
| Wednesday, 7 December |
| 07:30–08:30 | Breakfast |
| 08:30–08:45 | Welcome |
| 08:45–10:00 | Distinguished Practitioner: Susan Landau |
| 10:00–10:30 | Break |
| 10:30–12:00 | Malware 1 |
| | Case Studies 1 |
| | Panel: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research |
| | FISMA Training 1 — Security Controls: NIST SP 800-53, Revision 4 |
| 12:00–13:30 | Lunch |
| 13:30–15:00 | Situational Awareness 1 |
| | Case Studies 2 |
| | Panel: The Search for Meaningful Trustworthiness |
| | FISMA Training 2 — New Appendix in NIST SP 800-53 Revision 4: Privacy Controls |
| 15:00–15:30 | Break |
| 15:30–17:00 | Applied Cryptography |
| | Social Network Security |
| | Works-in-Progress |
| | FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1 |
| 17:00–18:00 | Classic Paper: Paul Syverson |
| 19:00–22:00 | Conference Dinner |
| |
| Thursday, 8 December |
| 07:30–08:30 | Breakfast |
| 08:30–08:45 | Opening Remarks |
| 08:45–10:00 | Invited Essayist: Terry Benzel |
| 10:00–10:30 | Break |
| 10:30–12:00 | Usable Security |
| | Secure Infrastructure |
| | Panel: Learning from Unanticipated Scientific Security Research Results Workshop Highlights |
| | FISMA Training 3 — Conducting Risk Assessments: NIST SP 800-30, Revision 1 |
| 12:00–13:30 | Lunch |
| 13:30–15:00 | Anonymity |
| | Web Security 1 |
| | Panel: The New Security Paradigms Workshop Experience |
| | FISMA Training 4 — Risk Management Framework: NIST SP 800-37 |
| 15:00–15:30 | Break |
| 15:30–17:00 | Software Security |
| | Web Security 2 |
| | Panel: Software Assurance in the Globalised Era |
| | FISMA Training 4 — Risk Management Framework: NIST SP 800-37 |
| 17:00–18:00 | Classic Paper: Matt Blaze |
| 18:00–21:00 | Reception and Poster Session |
| |
| Friday, 9 December |
| 07:30–08:30 | Breakfast |
| 08:30–10:00 | Mobile Security |
| | Malware 2 |
| | FISMA Training 5 — Managing Information Security: NIST SP 800-39 |
| 10:00–10:30 | Break |
| 10:30–11:30 | Situational Awareness 2 |
| | Malware 3 |
| | FISMA Training 5 — Managing Information Security: NIST SP 800-39 |
| 11:30–12:00 | Closing and Awards |
| 12:30–18:00 | Social Event (Sea World) |