DOI: 10.1145/3593663.3593665
research-article
Open access

Reflections on Training Next-Gen Industry Workforce on Secure Software Development

Published: 19 June 2023

Abstract

The increasing number of security incidents highlights the growing importance of cybersecurity, particularly in industrial environments. Education and awareness of secure coding practices are fundamental to secure products and services. In this paper, we explore the potential of CyberSecurity Challenges (CSCs), a serious game designed to raise industrial software developers' awareness of secure coding, to train the next generation of professionals in undergraduate programs. Our work details how to tailor the game to the training environment and assesses its effectiveness through an experiment undertaken with 16 trainees. The findings of our work reveal that the CSC game can contribute to raising awareness of secure coding practices among next-generation trainees, and highlight the potential that the game has when used in an academic setting.

Cited By

  • (2024) Ensino da Adequação à LGPD no Desenvolvimento de Software através da Aprendizagem Ativa e Centrada no Discente. Anais do IV Simpósio Brasileiro de Educação em Computação (EDUCOMP 2024), (204-213). DOI: 10.5753/educomp.2024.237528. Online publication date: 22-Apr-2024
  • (2024) Serious Games in Higher Education in the Transforming Process to Education 4.0—Systematized Review. Education Sciences 14:3 (281). DOI: 10.3390/educsci14030281. Online publication date: 7-Mar-2024


        Published In

        ECSEE '23: Proceedings of the 5th European Conference on Software Engineering Education
        June 2023
        264 pages
        ISBN:9781450399562
        DOI:10.1145/3593663
        This work is licensed under a Creative Commons Attribution International 4.0 License.

        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Author Tags

        1. cybersecurity
        2. cybersecurity challenges
        3. education
        4. industry
        5. secure programming
        6. security awareness
        7. serious games
        8. undergraduate education

        Qualifiers

        • Research-article
        • Research
        • Refereed limited

        Conference

        ECSEE 2023

        Acceptance Rates

        Overall Acceptance Rate 11 of 16 submissions, 69%


        Article Metrics

        • Downloads (Last 12 months): 147
        • Downloads (Last 6 weeks): 19
        Reflects downloads up to 04 Oct 2024
