License: Creative Commons Attribution 3.0 Unported license (CC BY 3.0)
When quoting this document, please refer to the following
DOI: 10.4230/OASIcs.ICPEC.2020.11
URN: urn:nbn:de:0030-drops-122988
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2020/12298/
Gasiba, Tiago ;
Lechner, Ulrike ;
Cuellar, Jorge ;
Zouitni, Alae
Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry
Abstract
Secure coding guidelines are essential material used to train and raise awareness of software developers on the topic of secure software development. In industrial environments, since developer time is costly, and training and education is part of non-productive hours, it is important to address and stress the most important topics first. In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant metrics. The goal is to define priorities for a teaching curriculum on raising cybersecurity awareness of software developers on secure coding guidelines. Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results.
BibTeX - Entry
@InProceedings{gasiba_et_al:OASIcs:2020:12298,
author = {Tiago Gasiba and Ulrike Lechner and Jorge Cuellar and Alae Zouitni},
title = {{Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry}},
booktitle = {First International Computer Programming Education Conference (ICPEC 2020)},
pages = {11:1--11:11},
series = {OpenAccess Series in Informatics (OASIcs)},
ISBN = {978-3-95977-153-5},
ISSN = {2190-6807},
year = {2020},
volume = {81},
editor = {Ricardo Queir{\'o}s and Filipe Portela and M{\'a}rio Pinto and Alberto Sim{\~o}es},
publisher = {Schloss Dagstuhl--Leibniz-Zentrum f{\"u}r Informatik},
address = {Dagstuhl, Germany},
URL = {https://drops.dagstuhl.de/opus/volltexte/2020/12298},
URN = {urn:nbn:de:0030-drops-122988},
doi = {10.4230/OASIcs.ICPEC.2020.11},
annote = {Keywords: education, teaching, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, game design, cybersecurity challenge}
}
Keywords: |
|
education, teaching, training, secure coding, industry, cybersecurity, capture-the-flag, game analysis, game design, cybersecurity challenge |
Collection: |
|
First International Computer Programming Education Conference (ICPEC 2020) |
Issue Date: |
|
2020 |
Date of publication: |
|
15.06.2020 |