Publicação em atas de evento científico
Raising security awareness using cybersecurity challenges in embedded programming courses
Tiago Espinha Gasiba (Gasiba, T. E.); Samra Hodzic (Hodzic, S.); Ulrike Lechner (Lechner, U.); Maria Pinto-Albuquerque (Pinto-Albuquerque, M.);
2021 International Conference on Code Quality (ICCQ)
Ano (publicação definitiva)
2021
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®

Esta publicação não está indexada na Web of Science®

Scopus

N.º de citações: 2

(Última verificação: 2024-11-17 06:08)

Ver o registo na Scopus

Google Scholar

N.º de citações: 10

(Última verificação: 2024-11-17 15:54)

Ver o registo no Google Scholar

Abstract/Resumo
Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.
Agradecimentos/Acknowledgements
--
Palavras-chave
Secure coding,Software quality,Embedded programming,Training,Cybersecurity challenge,Education,Security bug
Registos de financiamentos
Referência de financiamento Entidade Financiadora
UIDB/04466/2020 Fundação para a Ciência e a Tecnologia
UIDP/04466/2020 Fundação para a Ciência e a Tecnologia
Projetos Relacionados

Esta publicação é um output do(s) seguinte(s) projeto(s):