Security and data privacy play today a central role in the digital society. For instance, cyber attacks against nuclear power plants, such as the Stuxnet virus, shed a light on the disruptive potential of cyberwarfare and cyberterrorism on our society, pushing governments and industries to make plans to protect a large spectrum of critical sectors. As a further example, the widespread adoption of web and mobile technologies for carrying on commercial activities has made client devices as well as service providers a profitable, and unfortunately frequent, target of hackers and cyber criminals. Finally, privacy scandals systematically gain the headlines of newspapers, making the public opinion more and more conscious and critical about the exposure of sensitive data in the digital world. The complexity of the digital ecosystem makes the definition and enforcement of security and privacy properties a formidable challenge, which manual design and analysis techniques proved inadequate to tackle. This state of affairs calls for rigorous approaches, backed up by a formal reasoning and supported by mechanized procedures. The scientific research has shown, in particular, how logical frameworks and program verification techniques, originally developed to define and certify the correctness of programs, constitute a solid basis on top of which it is possible to build powerful and innovative tools for rigorously reasoning about security and privacy in the digital society. Indeed, the design of formal methods for security and privacy proved over the years a flowering and extraordinarily active research area, which has seen exciting contributions from a variety of disciplines at the core of SIGLOG, such as logic, semantics, automated deduction, and verification. This research field has tons of success stories and many open challenges on its horizon: among the former, I like to mention cryptographic protocol analysis, access control models, and information flow security, while the latter include, for instance, web security, mobile security, data privacy, and cybersecurity.