Português
Ciência-IUL
Publications
Publication Detailed Description
2021 International Conference on Code Quality (ICCQ)
Year (definitive publication)
2021
Language
English
Country
United States of America
More Information
Web of Science®
This publication is not indexed in Web of Science®
Scopus
Google Scholar
Abstract
Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.
Acknowledgements
--
Keywords
Secure coding,Software quality,Embedded programming,Training,Cybersecurity challenge,Education,Security bug
Funding Records
| Funding Reference | Funding Entity |
|---|---|
| UIDB/04466/2020 | Fundação para a Ciência e a Tecnologia |
| UIDP/04466/2020 | Fundação para a Ciência e a Tecnologia |
Related Projects
This publication is an output of the following project(s):
