This work investigates the integration of User Generated Content in a Serious Game for cybersecurity education and training in the industry. This Serious Game deals with security code reviews as part of an industrial software lifecycle, and players are invited to review vulnerable snippets to gain awareness of secure coding. We design and implement a way to include User Generated Content contributions into the Serious Game and we evaluate how this approach in cybersecurity education opens a path for a community-driven initiative to gather and share security knowledge. We develop an open contribution pipeline that allows developers to submit security-relevant code snippets in the Serious Games challenge collection, for players of the game to review, and present the technical design choices behind it: automating the integration of content, acceptance quality gates, and the potential for custom data analytics from recorded player interactions. Furthermore, we explore the voluntary contributors’ perceptions of the ease of contribution (with respect to our proposed convention for challenge snippets) and also investigate the characteristics of what is considered an effective educational snippet.

--

Code review,Secure coding,Cybersecurity,Education,Awareness,Information systems,User-generated content

• Mathematics - Natural Sciences
• Computer and Information Sciences - Natural Sciences