About IEEE Security & Privacy

IEEE Security & Privacy (S&P)’s mission is to be the best source of reliable, useful, peer-reviewed information for those aiming to understand how systems, data, and people are protected in a world of rapid technology evolution. This bimonthly magazine publishes articles that have clarity and context, targeting a wide audience who understand technology, from developers to executives, managers to policy-makers, and researchers interested in problems with practical impact. Peer-reviewed articles and columns by real-world experts illuminate all aspects of the field, including systems, attacks and defenses, software security, applied cryptography, usability, forensics, big data, ethics, biometrics, and more, with special issues focusing on targeted topics as well as issues devoted to key events and conferences.

S&P is copublished by the IEEE Computer Society and the IEEE Reliability Society. Technical cosponsors are the IEEE Signal Processing Society and IEEE Engineering in Medicine & Biology Society. S&P accepts commercial and classified advertisements. S&P‘s 2024 impact factor is 3.0. Learn about the magazine’s history by exploring the S&P index site, curated by a volunteer.

S&P aims to provide a unique combination of research articles, case studies, tutorials, and departments covering diverse aspects of security and dependability of computer-based systems, including legal and ethical issues, privacy concerns, tools to help secure information, methods for development and assessment of trustworthy systems, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology, and other topics of interest to a general, technically oriented readership. Topics include, but are not limited to:

    Network Security
    Software and Hardware Security
    Systems Security
    Embedded Security
    Privacy-Enhancing Technologies
    Data Analytics for Security and Privacy
    Usable Security and Privacy
    Physical and Human Security
    Wireless and Mobile Security
    Security Foundations
    Security Economics
    Security and Privacy Policies
    Integrated Security Design Methods
    Critical Infrastructures
    Sociotechnical Security and Privacy
    Social Networks and Computing
    Surveillance
    Cybercrime and Forensics
    Developer and User Training
    Real-World Cryptography
    Intrusion Detection
    Malware

Scope

IEEE Security & Privacy is the premier magazine of the IEEE Computer and Reliability Societies for informing their members about recent and forthcoming advances in information technology pertaining to security, privacy, and dependability. The magazine seeks creative and novel perspectives on industry practices, research directions, and policy and regulatory matters. In addition to feature articles, special and themed issues, columns, and departments, experts from our community of interest provide insightful commentary on current issues and paradigm shifts via virtual roundtables and podcasts.

In particular, IEEE Security & Privacy looks for articles that identify key research problems for improving computing defenses and for developing more secure and privacy-aware systems, as well as articles that teach readers about emerging technologies that show promise in such areas. IEEE Security & Privacy encompasses a broad range of topics regarding security and privacy and features both peer-reviewed articles as well as departments and columns, which describe perspectives on hot topics from academic and industry leaders in the field.

Special Issue on Language Translation for Security
Submission Date: 2026-03-31

"The most dangerous phrase in the language is: 'We've always done it this way.'"  -  Grace Hopper

For decades, critical software systems have been built in memory unsafe languages such as C and C++. These languages remain deeply embedded in operating systems, communication stacks, cryptographic libraries, and safety-critical applications. Although the risks of undefined behavior, memory corruption, and other low-level vulnerabilities are well known, large legacy code bases and ecosystem inertia have made wholesale rewrites impractical.

Recent advances in safe programming languages, language technologies, and AI have opened a promising new direction: automated or semi-automated translation of unsafe code into safer languages with strong guarantees, such as Rust. These efforts draw on a broad range of techniques including static analysis, formal methods, program synthesis, dynamic analysis, and, increasingly, large language models (LLMs). At the same time, there is growing recognition that secure translation must not only preserve functionality but also strengthen security properties and produce code that is idiomatic, maintainable, and suitable for long-term evolution.

Although language translation has been explored for decades—for example, IBM’s Cobol to Java modernization work more than 25 years ago—the urgent need to move away from memory unsafe languages, now reflected even in high-level policy directives, combined with major advances in safe languages (such as Rust and Go) and in LLM technologies, has created a new tipping point for research. This shift is exemplified most clearly by the DARPA TRACTOR program, which is driving large-scale translation of C codebases to Rust.

This special issue of IEEE Security & Privacy aims to highlight recent advances in language translation for security, with an emphasis on practical solutions and evaluation.

Topics of interest include, but are not limited to:

    Translation of C/C++ and other unsafe languages to safer languages (for example, Rust, Go, SPARK Ada, or other high-assurance languages)
    Static analysis-based translation techniques, including type inference, alias analysis, and control/data flow reasoning for safe refactoring
    LLM-based or learning assisted translation of legacy code, including prompt design, fine tuning, and safety centric rewriting
    Hybrid approaches that combine static analysis, formal methods, synthesis, LLMs, and developer guidance
    Dynamic analyses for validating translated code, including regression testing, fuzzing, and runtime monitoring
    Metrics and evaluation of translated code for functionality, security, performance, readability, idiomaticity, and maintainability
    Techniques for transforming unsafe features (for example, manual memory management, raw pointers, unchecked concurrency) into safe abstractions
    Verification and validation of semantic preservation and security improvement in translated code
    Formal and semi-formal frameworks for reasoning about safety, concurrency, and equivalence
    Tool chains, frameworks, or infrastructure that support secure language translation at scale
    Empirical studies, case studies, and industrial experiences with language translation for security
    Challenges and opportunities in deploying translated code in operational systems and long-lived software ecosystems

Note that the special issue seeks to focus on solutions rather than attacks. In addition to full papers, opinion and “Viewpoint” pieces are welcome.

Special Issue on Autonomous AI Agents in Computer Security
Submission Date: 2026-05-01

AI is having a transformative impact on cyber security that has the potential to significantly disrupt the effectiveness of current defensive standards. AI is up-scaling the offensive security tactics of novice and sophisticated attackers, at speed, scale, and potentially unseen methods targeting AI systems and supply chains. At the same time, autonomous AI agents offer the potential to counter these threats by enhancing the automatization of their detection, analysis, and recovery. However, the rapid pace of AI transformation and the resulting security arms race is creating significant uncertainty about what threats to expect and how to fortify defenses effectively.

This uncertainty is further amplified by the growing integration of autonomous agents across vertical and horizontal levels of global society, ranging from personal assistance to global commerce. Because of the potential capacity of these agents to interact with many parts of the economy, and to directly or indirectly touch critical systems, it will be essential to prioritize and integrate automated security at the outset as well. This necessitates a comprehensive analysis of both the vulnerabilities introduced through AI agents as well as their robustness and defensive capabilities.

As a result of these implications, we propose to explore the challenges, opportunities, and limitations arising from autonomous AI agents in computer security. The theme will focus on autonomous offensive and defensive security. The goal of the special issue is to uncover research directions to accelerate vulnerability discovery, attack detection, and incident response with automated, repeatable, and measurable approaches.

We’ll invite papers covering any aspect of AI agents for cyber security including, but not limited to,

    AI agents for autonomous cyber defense
    AI agents for autonomous vulnerability discovery and analysis
    AI agents for autonomous incident recovery and response
    Measurements quantifying the security of AI agents
    Capabilities and limitations of AI agents in security contexts
    Security analysis and vulnerability assessment of AI agents
    Implications of AI agents for attack-defender asymmetries