Reliably Secure Software Systems (RS3) –
DFG Priority Programme 1496

2017: The final event of RS3 will take place in summer of 2017.
2016, August: Heise online, the most frequently visited German-language IT news website, published a report about an 18-year-old vulnerability in the pseudo-random number generator of GnuPG that has been uncovered by RS3 researchers from the project DeduSec.
  Posters and demonstrators of the reference scenarios of RS3 were presented at the USENIX Security Symposium 2016 in Austin on August 11.
2016, July: Selected slides and pictures from the RS3 Practitioner Event are now online on the webpage of the event.
2016, June: The RS3 Practitioner Event took place on June 7–8, 2016 in Darmstadt.
2016, April: RS3 was presented by its coordinator Prof. Heiko Mantel in two talks on April 4 and 7 at the Royal Society Scientific Meeting on "Verified Trustworthy Software Systems" in London.

  • RS3 publications: Projects within RS3 in sum have more than 100 reviewed publications so far! See the full publication list for details!
  • Tools: A number of useful new security tools are being developed within RS3. See the tool list for details!

The next major RS3 event will be the final event in the summer of 2017.

    Current open positions:


    The Priority Programme at a Glance


    This Priority Programme assumes that a paradigm shift in IT-security is necessary in order to reliably guarantee the security of complex software systems. The current trust-based and mechanism-centric approaches to IT-security shall be complemented by property-oriented solutions. This paradigm shift shall enable a trustworthy certification of system-wide, technical security guarantees that adequately respects the semantics of programs and of security requirements. Bridging the gap from security in-the-small to security in-the-large will involve the improvement of conceptual foundations, the development of analysis and engineering tools, and their migration into practice. Collaborations between multiple sub-disciplines of Computer Science, primarily formal methods, IT-security, and programming languages, will be necessary to achieve the objectives of the programme.