Is secure coding education in the industry needed? An investigation through a large scale survey

Bibliographic Details
Main Author: Gasiba, T. E.
Publication Date: 2021
Other Authors: Lechner, U., Albuquerque, M. P., Mendez, D.
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Full text: http://hdl.handle.net/10071/25497
Summary: The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380 million USD in industrial control systems alone. Since software developers write software, they also introduce these vulnerabilities into the source code. However, secure coding guidelines exist to prevent software developers from writing vulnerable code. This study focuses on the human factor, the software developer, and secure coding, in particular secure coding guidelines. We want to understand software developers' awareness of and compliance with secure coding guidelines and why, if at all, they are not compliant or aware. We base our results on a large-scale survey on secure coding guidelines, with more than 190 industrial software developers. Our work's main contribution motivates the need to educate industrial software developers on secure coding guidelines, and it gives a list of fifteen actionable items to be used by practitioners in the industry. We also make our raw data openly available for further research.
Keywords: Education; Training; Industry; Secure coding guidelines; Software developers; Awareness; Survey
Publisher: IEEE
Document Type: Conference paper (published version)
DOI: 10.1109/ICSE-SEET52601.2021.00034 (ICSE-SEET 2021 proceedings)
ISBN: 978-1-6654-0138-8
Rights: Open access
Format: PDF
Repository record: oai:repositorio.iscte-iul.pt:10071/25497 (aggregated by RCAAP, https://www.rcaap.pt)
Deposited: 2022-05-20