License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.ICPEC.2020.11
URN: urn:nbn:de:0030-drops-122988
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2020/12298/


Gasiba, Tiago ; Lechner, Ulrike ; Cuellar, Jorge ; Zouitni, Alae

Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry



Abstract

Secure coding guidelines are essential material used to train software developers and raise their awareness of secure software development. In industrial environments, since developer time is costly and training and education are part of non-productive hours, it is important to address and stress the most important topics first. In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant metrics. The goal is to define priorities for a teaching curriculum on raising cybersecurity awareness of software developers on secure coding guidelines. Furthermore, we conduct a small comparison study by asking university computer science students how they rank the importance of secure coding guidelines, and we compare the outcome to our results.

BibTeX - Entry

@InProceedings{gasiba_et_al:OASIcs:2020:12298,
  author =	{Tiago Gasiba and Ulrike Lechner and Jorge Cuellar and Alae Zouitni},
  title =	{{Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry}},
  booktitle =	{First International Computer Programming Education Conference (ICPEC 2020)},
  pages =	{11:1--11:11},
  series =	{OpenAccess Series in Informatics (OASIcs)},
  ISBN =	{978-3-95977-153-5},
  ISSN =	{2190-6807},
  year =	{2020},
  volume =	{81},
  editor =	{Ricardo Queir{\'o}s and Filipe Portela and M{\'a}rio Pinto and Alberto Sim{\~o}es},
  publisher =	{Schloss Dagstuhl--Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2020/12298},
  URN =		{urn:nbn:de:0030-drops-122988},
  doi =		{10.4230/OASIcs.ICPEC.2020.11},
  annote =	{Keywords: education, teaching, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, game design, cybersecurity challenge}
}

Keywords: education, teaching, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, game design, cybersecurity challenge
Collection: First International Computer Programming Education Conference (ICPEC 2020)
Issue Date: 2020
Date of publication: 15.06.2020

