To minimize the possibility of introducing vulnerabilities in source code, software developers in the industry may attend security awareness and secure coding training. One promising novel approach to raise awareness is to use cybersecurity challenges in a capture-the-flag event. In order for this to be effective, the types of challenges must be adequately designed to address the target group. In this work we look at how to design challenges for software developers in an industrial context, based on survey given to security experts by gathering their experience on the field. While our results show that traditional methods seem to be adequate, they also reveal a new class of challenges based on code entry and interaction with an automated coach.

This work is financed by portuguese national funds through FCT- Fundação para a Ciência e Tecnologia, I.P., under the project FCT UIDB/04466/2020. Furthermore, the third author thanks the Instituto Universitário de Lisboa and ISTAR-IUL for their support.

Teaching,Cybersecurity,Capture-the-flag,Challenges,Automation,Coaching,Secure,Coding,Programming

• Matemáticas - Ciências Naturais
• Ciências da Computação e da Informação - Ciências Naturais