Embedding Secure Programming in the Curriculum: Some Lessons Learned

Johnstone, Michael N.

doi:10.7763/ijet.2013.v5.560

Cited by 5 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the IT perspective, there is no difference between the two terms. Sommerville [31] and Burley and Lewis [4], for instance, use the first term while others use the second term, such as Pressman and Maxim [28] and Johnstone [18]. The same is applicable to similar terms starting with the word cyber such as cyberspace and cybercrime.…”

Section: Observations and Recommendations (Rq3)mentioning

confidence: 99%

“…SECURITY EDUCATION In this section, the existing works on software security education are described in chronological order. Johnstone [18] described the application of a secure programming unit in an existing Australian university curriculum. The unit addressed the main problems in security education, and students had the benefit of learning about the dilemmas presented in this unit.…”

Section: Introductionmentioning

confidence: 99%

“…In conclusion, most available works have not given course content much attention compared with other aspects of software security education, such as focusing on the security of coding [18,32] or the importance of software security in academic programs [20,38]. Some researchers discussed the integration of software security with other courses [17,37].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

What topics should or should not be included in software security education—Qualitative content analysis

Ebad

2022

Comp Applic In Engineering

View full text Add to dashboard Cite

Software security education is still not preparing students for the types of high‐skilled technical roles that represent the most severe workforce shortage. Recognizing this, academia has begun redefining the knowledge area concepts of software security curricula to meet the current workforce shortage. This article studies the software security courses in Arab Gulf academic programs and benchmarks their descriptions with the corresponding knowledge area from cybersecurity Curricula (CSEC). 2017, the first set of global cybersecurity curricular guidelines. Using content analysis, six concepts or essentials are investigated: security requirements, secure design principles, secure source code, analysis and testing, patch, and ethics. It was found that no course follows all the CSEC. 2017 essentials. The analysis and testing essential were considered by all courses, and security after deployment, including the patch essential, needs more attention because it was not included in any course. Similarly, the security requirements and ethics essentials were also considered by a few courses. However, software success depends on requirements, and ethics has become critical in the cybersecurity and information assurance fields that depend on law and forensics. The secure source code essential was covered by most courses. The well‐known types of code attacks were covered, and over half of the courses discussed secure design principles essential. However, security by design is an emerging development philosophy. The article discussed observations and recommendations that will assist program managers and their staff in making effective decisions about the essentials and concepts that should be included when they are developing the software security curriculum.

show abstract

Section: Observations and Recommendations (Rq3)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

What topics should or should not be included in software security education—Qualitative content analysis

Ebad

2022

Comp Applic In Engineering

View full text Add to dashboard Cite

show abstract

Integrating Formal Methods for Security in Software Security Education

Modesti¹

2020

Informatics in Education

View full text Add to dashboard Cite

As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete implementation of a course on security protocol development that integrates formal methods for security research into the teaching practice. A novelty of the framework is the adoption of a conceptual model aligned with the level of abstraction used for the symbolic (high-level) representation of cryptographic and communication primitives. This is aimed not only at improving skills in secure software development, but also at bridging the gap between the formal representation and the actual implementation, making formal methods and tools more accessible to students and practitioners.

show abstract

Cyber Security Education in the Fourth Industrial Revolution

Kariuki

2018

Handbook of Research on Information and Cyber Security in the Fourth Industrial Revolution

View full text Add to dashboard Cite

It is critical that cyber education curriculum considers the growing cyber technologies and which aspects of these technologies need to be aligned with the fourth industrial revolution. This chapter seeks to present a comprehensive analysis of the current level of cyber security education in South Africa. It will also track the current trends of cyber security education in the country as well as examining any challenges being experienced including any knowledge gaps. In the end, the chapter proposes recommendations for consideration in strengthening cybersecurity education in the country in to achieve advanced cyber security responses, capable of mitigating any cyber security threats. Offering quality cyber security education is important in preparing the next generation cyber security practitioners, who are highly competent and capable of developing innovative solutions in response to the growing global demand of cyber technologies. The chapter ends by proposing specific strategies that can guide towards this ideal in the context of the fourth industrial revolution.

show abstract

Embedding Secure Programming in the Curriculum: Some Lessons Learned

Cited by 5 publications

References 8 publications

What topics should or should not be included in software security education—Qualitative content analysis

What topics should or should not be included in software security education—Qualitative content analysis

Integrating Formal Methods for Security in Software Security Education

Cyber Security Education in the Fourth Industrial Revolution

Contact Info

Product

Resources

About