Hongmei Chi
ABSTRACT
Our experiences show that the earlier students learn secure coding concepts, even at the same time as they first learn to write code, the better they will continue using secure coding practices. In this paper, modules for teaching secure coding practices to STEM students are built and those modules are ready for most common programming courses for STEM students. Those modules will provide the essential and fundamental skills to programmers and application developers in secure programming. In addition, most of the modules will use static-analysis tools to help with detecting vulnerabilities in any given code. In addition, some survey's results are reposted here.
- Cunningham, K Robert; Zhivich, Michael. 2009. The Real Cost of Software Errors. In IEEE Computer Society, 2009.Google Scholar
Digital Library
- Brittany Johnson. 2012. A study on improving static analysis tools: why are we not using them?. In Proceedings of the 2012 International Conference on Software Engineering (ICSE 2012). IEEE Press, Piscataway, NJ, USA, 1607--1609. Google ScholarDigital Library
- Dotta, Mirco; Suter, Philippe; and Kuncak, Viktor. 2008. On Static Analysis for Expressive Pattern Matching, in 18th International Symposium, Venice, Italy, 2008Google Scholar
- Robert Seacord. 2006. Secure Coding in C and C++: Of Strings and Integers. IEEE Security and Privacy 4, 1 (January 2006), 74--76 Google ScholarDigital Library
- Hossain Shahriar and Mohammad Zulkernine. 2012. Mitigating program security vulnerabilities: Approaches and challenges. ACM Comput. Surv. 44, 3, Article 11 (June 2012), 46 pages Google ScholarDigital Library
- Ben Smith and Laurie Williams. 2012. On the Effective Use of Security Test Patterns. In Proceedings of the 2012 IEEE Sixth International Conference on Software Security and Reliability (SERE '12). IEEE Computer Society, Washington, DC, USA, 108--117. Google ScholarDigital Library
- Blair Taylor and Siddharth Kaza. 2011. Security injections: modules to help students remember, understand, and apply secure coding techniques. In Proceedings of the 16th annual joint conference on Innovation and technology in computer science education (ITiCSE '11). 3--7 Google ScholarDigital Library
- Claude F. Turner, Blair Taylor, and Siddharth Kaza. 2011. Security in computer literacy: a model for design, dissemination, and assessment. In Proceedings of the 42nd ACM technical symposium on Computer science education (SIGCSE '11). 15--20 Google ScholarDigital Library
- Blair Taylor, Matt Bishop, Elizabeth Hawthorne, and Kara Nance. 2013. Teaching secure coding: the myths and the realities. In Proceeding of the 44th ACM technical symposium on Computer science education (SIGCSE '13), 281--282. Google ScholarDigital Library
- Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge. 2013. Why don't software developers use static analysis tools to find bugs?. In Proceedings of the 2013 International Conference on Software Engineering (ICSE '13). IEEE Press, Piscataway, NJ, USA, 672--681. Google ScholarCross Ref
- Raymond P.L. Buse, Caitlin Sadowski, and Westley Weimer. 2011. Benefits and barriers of user evaluation in software engineering research. In Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications (OOPSLA '11). 643--656 Google ScholarDigital Library
- Chess, Brian, and Jacob West. Secure programming with static analysis. Pearson Education, 2007. Google ScholarDigital Library
Index Terms
- Teaching Secure Coding Practices to STEM Students
Recommendations
Teaching secure coding: the myths and the realities
SIGCSE '13: Proceeding of the 44th ACM technical symposium on Computer science educationTeaching secure coding has never been more important. The CS2013 Ironman draft includes Information Assurance and Security as a new Knowledge Area and recommends that security be cross-cutting across all undergraduate computer science curricula. The ...
STEM teaching as an additional profession for scientists and engineers: the case of computer science education
SIGCSE '14: Proceedings of the 45th ACM technical symposium on Computer science educationThe conference theme - "Leveraging Computing to Change Education" - focuses on the influence of computing on the way we educate at all levels. In this paper we highlight the conference theme from the perspective of computer science (CS) teacher ...
Robotics to promote elementary education pre-service teachers' STEM engagement, learning, and teaching
We report a research project with a purpose of helping teachers learn how to design and implement science, technology, engineering, and mathematics (STEM) lessons using robotics. Specifically, pre-service teachers' STEM engagement, learning, and ...
Comments