Toby Murray, Deian Stefan
Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16
This year, 2016, marks the 11th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS). For the first time since PLAS began in 2006, PLAS is co-located with the ACM Conference on Computer and Communications Security (CCS). Over its now ten-year history, PLAS has provided a forum for researchers and practitioners to exchange ideas about programming language and program analysis techniques that improve the security of software systems. PLAS started as a workshop co-located
... with the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI) and remained co-located with PLDI for the following seven years. In its ninth and tenth installment PLAS was co-located with European Conference on Object-Oriented Programming (ECOOP). This year therefore marks a new phase in the growth of PLAS as it takes place-for the first time-not with a Programming Languages (PL) conference but instead with the ACM's premier conference on Security. PLAS naturally sits at the intersection of these two diverse and vibrant fields. In the decade since PLAS's inception, the line between PL and Security has continued to blur as each field has further matured. Greenberg et al.  empirically documented the increasing presence of Security work in top PL conferences, as part of their recent study on the diffusion of ideas in PL literature. Likewise, many highprofile PL achievements in the Security literature over the past decade have highlighted how essential PL research is for the construction of secure systems. As but one example consider the formally verified TLS implementation miTLS , developed and verified in the dependently typed programming language F*, which led to the discovery of a range of flaws in mainstream TLS implementations . The need for secure system development to be underpinned by solid PL foundations has not diminished, but is growing evermore. The recent attack  on the Ethereum smart contracts of The DAO aptly highlights this. As do the almost-weekly large-scale website breaches.