Exportar Publicação

Andrei-Cristian, I., Lechner, Ulrike & Pinto-Albuquerque, M. (2025). Bring your own bug: Enabling user-generated content in serious games for industrial cybersecurity and AppSec education. In Sebastian Zielinski, Gerald Eichler, Christian Erfurth, Günter Fahrnberger (Ed.), Innovations for community services: 25th International Conference, I4CS 2025, Proceedings. (pp. 289-306). Munich: Springer .

I. Andrei-Cristian et al.,  "Bring your own bug: Enabling user-generated content in serious games for industrial cybersecurity and AppSec education", in Innovations for community services: 25th Int. Conf., I4CS 2025, Proc., Sebastian Zielinski, Gerald Eichler, Christian Erfurth, Günter Fahrnberger, Ed., Munich, Springer , 2025, vol. 2513 CCIS, pp. 289-306

@inproceedings{andrei-cristian2025_1777876232911,
	author = "Andrei-Cristian, I. and Lechner, Ulrike and Pinto-Albuquerque, M.",
	title = "Bring your own bug: Enabling user-generated content in serious games for industrial cybersecurity and AppSec education",
	booktitle = "Innovations for community services: 25th International Conference, I4CS 2025, Proceedings",
	year = "2025",
	editor = "Sebastian Zielinski, Gerald Eichler, Christian Erfurth, Günter Fahrnberger",
	volume = "2513 CCIS",
	number = "",
	series = "",
	doi = "10.1007/978-3-031-94263-1_17",
	pages = "289-306",
	publisher = "Springer ",
	address = "Munich",
	organization = "",
	url = "https://link.springer.com/book/10.1007/978-3-031-94263-1"
}

TY  - CPAPER
TI  - Bring your own bug: Enabling user-generated content in serious games for industrial cybersecurity and AppSec education
T2  - Innovations for community services: 25th International Conference, I4CS 2025, Proceedings
VL  - 2513 CCIS
AU  - Andrei-Cristian, I.
AU  - Lechner, Ulrike
AU  - Pinto-Albuquerque, M.
PY  - 2025
SP  - 289-306
SN  - 1865-0929
DO  - 10.1007/978-3-031-94263-1_17
CY  - Munich
UR  - https://link.springer.com/book/10.1007/978-3-031-94263-1
AB  - This work investigates the integration of User Generated Content in a Serious Game for cybersecurity education and training in the industry. This Serious Game deals with security code reviews as part of an industrial software lifecycle, and players are invited to review vulnerable snippets to gain awareness of secure coding. We design and implement a way to include User Generated Content contributions into the Serious Game and we evaluate how this approach in cybersecurity education opens a path for a community-driven initiative to gather and share security knowledge. We develop an open contribution pipeline that allows developers to submit security-relevant code snippets in the Serious Games challenge collection, for players of the game to review, and present the technical design choices behind it: automating the integration of content, acceptance quality gates, and the potential for custom data analytics from recorded player interactions. Furthermore, we explore the voluntary contributors’ perceptions of the ease of contribution (with respect to our proposed convention for challenge snippets) and also investigate the characteristics of what is considered an effective educational snippet. 
ER  -