Is Secure Coding Education in the Industry Needed? An Investigation Through a Large Scale Survey

Gasiba, Tiago Espinha; Lechner, Ulrike; Pinto-Albuquerque, Maria; Méndez, Daniel

doi:10.1109/icse-seet52601.2021.00034

Cited by 11 publications

(14 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Two of these games additionally use points [44][45][46]. Points are awarded in seven other games, but never without using an additional game element [27,32,35,37,39,41,50]. Similarly, the element of challenge is mostly used in combination with other elements [27,28,31,35,[37][38][39][40]49].…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Serious Games in Higher Education in the Transforming Process to Education 4.0—Systematized Review

Brandl,

Schrader

2024

Education Sciences

View full text Add to dashboard Cite

The digital transformation associated with the Fourth Industrial Revolution is having an impact on the way we teach. Under the term Education 4.0, new teaching methods, new technologies, as well as a student-centered approach, are expected to be used in teaching. One established method of teaching is the use of Serious Games, as it has various positive effects in terms of motivation and engagement. This paper deals with the question of how the transformation towards Education 4.0 influences the way Serious Games are designed and used in the context of higher education. To this end, a systematized literature review was conducted. Out of 550 publications, 28 were included. This revealed works on the general conception as well as studies on Serious Games in various areas of university teaching. The results show different concepts of Serious Games, with the structure often being adapted to learning content and not to students. In terms of technical implementation, Serious Games are mostly web- or desktop-applications instead of new technologies such as VR. As a result, new concepts seem necessary to adapt Serious Games to Education 4.0. In the future, we want to design Serious Games that respond flexibly to students’ needs and make it easy to integrate new technologies.

show abstract

Section: Methodsmentioning

confidence: 99%

“…The work aims to provide feedback based on the emotional state. The other games in this area have the purpose of motivating or engaging students [32,33,41,43,45,48], or increasing the learning effect [29,30,33,35,[37][38][39][40][46][47][48].…”

Section: Serious Game Objectivementioning

confidence: 99%

Serious Games in Higher Education in the Transforming Process to Education 4.0—Systematized Review

Brandl,

Schrader

2024

Education Sciences

View full text Add to dashboard Cite

show abstract

“…In CLASP threat modeling and risk analysis [209] is performed during requirement and design phase. In the design and implementation phase, it suggests secure design guidelines and secure coding standards [210], [211], [212], [213]. Inspections, static code analysis, and security testing [214] are performed in the assurance phase [215].…”

Section: Approaches To Software Quality and Securitymentioning

confidence: 99%

An investigation into software quality and security: Past research works and existing gaps

Korir¹

2023

Global J. Eng. Technol. Adv.

View full text Add to dashboard Cite

Software security is concerned with the protection of data, facilities and applications from harm that may be occasioned by malware attacks such as password sniffing, viruses and hijacking. It is a system-wide concept that takes into account both security mechanisms such as access control as well as the design for security, such as a robust design that renders software attack complicated. It may encompass building of secure software, which comprises of the designing of software to be attack-resistant, ensuring that software is error-free, and educating software developers, architects, and users about the building of secure artifacts. In this regard, insecure software negatively affects organization’s reputations with customers, partners, and investors. The goal of this paper is to investigate some of the issues that make the software insecure, as well as the approaches that have been developed to boost software quality and security. The outcomes indicate that various models, techniques, frameworks and approaches to software quality have been developed over the recent past. However, only a few of them give reliable evidence for creating secure software applications.

show abstract

“…Identify potential security vulnerabilities and design the system architecture and components to minimize those risks. However, in secure coding practices, developers need to adhere to validate and sanitize user input, using parameterized queries or prepared statements to prevent injection attacks, implementing proper access controls and authentication mechanisms, and securely handling sensitive data [187], [188]. Apply security-focused coding guidelines and standards.…”

Section: Essential Guidelines For Building Secure Softwarementioning

confidence: 99%

Theory and practice in secure software development lifecycle: A comprehensive survey

Otieno¹,

Odera²,

Ounza³

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Software development security refers to the practice of integrating security measures and considerations throughout the software development lifecycle to ensure the confidentiality, integrity, and availability of software systems. It involves identifying, mitigating, and eliminating security vulnerabilities and threats that could be exploited by attackers. The goal of this paper is to survey the various concepts and methodologies directed towards software security, and the identification of any missing gaps. Based on the findings, it is noted that the development of secure software requires a proactive and comprehensive approach. It begins with establishing secure design principles and incorporating security requirements from the initial stages of development. Here, secure coding practices, such as input validation, output encoding, and secure authentication and authorization mechanisms, are employed to prevent common security vulnerabilities. In addition, regular security testing, including penetration testing and vulnerability scanning, helps identify and address potential weaknesses in the software. Normally, code reviews and security audits are conducted to ensure adherence to secure coding practices and identify any security flaws. It is important that security training and awareness programs be provided to developers and other stakeholders to foster a security-conscious culture. To minimize potential vulnerabilities, secure configuration management, which involves properly configuring servers, networks, and dependencies may be utilized. On the other hand, regular updates and patching are essential to address known security vulnerabilities in software components. To guide their software development security practices, organizations may follow established security standards and frameworks such as ISO 27001 or NIST Cybersecurity Framework. By prioritizing software development security, organizations can protect sensitive data, prevent unauthorized access, and mitigate the risk of security breaches and incidents. In the long run, this helps build trust with users and stakeholders, enhances the reputation of the software, and reduces the potential impact of security incidents on the organization.

show abstract

Is Secure Coding Education in the Industry Needed? An Investigation Through a Large Scale Survey

Cited by 11 publications

References 19 publications

Serious Games in Higher Education in the Transforming Process to Education 4.0—Systematized Review

Serious Games in Higher Education in the Transforming Process to Education 4.0—Systematized Review

An investigation into software quality and security: Past research works and existing gaps

Theory and practice in secure software development lifecycle: A comprehensive survey

Contact Info

Product

Resources

About