Secure Software Development Awareness: A Case Study of Undergraduate Developers
Abstract
As ubiquitous computing becomes an increasingly inherent component of everyday life due to the rapid growth of communication technologies and globalization, threats against information systems have taken a more latent yet lethal dimension. This emergent digital security challenge has correspondingly motivated a proactive change in the software engineering process in recent decades. This change has inspired more intense research scrutiny on security as a crucial component of any software system. Moreover, in today’s virtual world of hyperconnectivity, the most significant vulnerabilities in modern information systems security are software centred. Nevertheless, research shows that software developers often lack the required knowledge and skills in secure software systems development (SSD). Such knowledge ensures that all the resultant software components of each development lifecycle are correctly implemented rather than merely following the SSD lifecycle. Also, the knowledge engenders software security consciousness as a professional attitude amongst developers. Therefore, investigating students’ awareness of SSD principles can generate insight into evolving the undergraduate software development curriculum – a path to building future career developers. The study used a voluntary online survey to recruit a sample of 76 undergraduate developers and employed a descriptive approach to data analysis. Among other findings, the study revealed that participants' perception of the threat of software vulnerability impacts their attitude towards security on online and mobile platforms. And that though over 90% of the undergraduate developers took software vulnerability threats either “serious” or “extremely serious”, this disposition did not reflect the depth of their knowledge and experience in SSD.
References
[2] N. Davis, W. Humphrey, S. T. Redwine, G. Zibulski, and G. McGraw, “Processes for producing secure software: Summary of US national Cybersecurity Summit subgroup report,” IEEE Secur. Priv., vol. 2, no. 3, pp. 18–25, May 2004.
[3] S. Faily and S. Faily, “Usable and Secure Software Design: The State-of-the-Art,” in Designing Usable and Secure Software with IRIS and CAIRIS, Springer International Publishing, 2018, pp. 9–53.
[4] B. Bafandeh Mayvan, A. Rasoolzadegan, and Z. Ghavidel Yazdi, “The state of the art on design patterns: A systematic mapping of the literature,” J. Syst. Softw., vol. 125, pp. 1339–1351, Mar. 2017.
[5] M. Z. Gunduz and R. Das, “Analysis of cyber-attacks on smart grid applications,” in 2018 International Conference on Artificial Intelligence and Data Processing (IDAP), Sep. 2018, pp. 1–5.
[6] S. Ghafur, E. Grass, N. R. Jennings, and A. Darzi, “The challenges of cybersecurity in health care: the UK National Health Service as a case study,” Lancet Digit. Heal., vol. 1, no. 1, pp. e10–e12, May 2019.
[7] C. Heitzenrater and A. Simpson, “A case for the economics of secure software development,” in ACM International Conference Proceeding Series, Sep. 2016, vol. 26-29-Sept, pp. 92–105.
[8] Z. A. Baig et al., “Future challenges for smart cities: Cyber-security and digital forensics,” Digit. Investig., vol. 22, pp. 3–13, 2017.
[9] S. Omar, T. Frimpong, and J. B. Hayfron-Acquah, “Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection,” Int. J. Comput. Appl., vol. 143, no. 5, pp. 0975 – 8887, 2016..
[10] M. Sharma and S. Kaur, “Cyber Crimes Becoming Threat to Cyber Security,” Acad. J. Forensic Sci., vol. 2, no. 1, pp. 2581–4273, 2019.
[11] C. Luo, W. Bo, H. Kun, and L. Yuesheng, “Study on Software Vulnerability Characteristics and Its Identification Method,” Math. Probl. Eng., vol. 2020, pp. 0–6, 2020.
[12] I. Bassey, D. Afuro, and M. Munienge, “An Investigation of Software Engineering Knowledge of Undergraduate Students,” Int. J. Mod. Educ. Comput. Sci., vol. 7, no. 12, pp. 42–50, 2015.
[13] B. Isong, O. Ifeoma, and N. Gasela, “On the integration of agile practices into teaching: An approach to overcoming teaching and learning challenges of programming,” in Proceedings - 2015 International Conference on Computational Science and Computational Intelligence, CSCI 2015, Mar. 2016, pp. 264–270.
[14] S. Biju, “Benefits of Working in Pairs in Problem Solving and Algorithms - Action Research,” Athens J. Educ., vol. 6, no. 3, pp. 223–236, Jan. 2019.
[15] B. Isong, “A Methodology for Teaching Computer Programming: first year students’ perspective,” Int. J. Mod. Educ. Comput. Sci., vol. 6, no. 9, pp. 15–21, 2014.
[16] Y. Changsheng, H. Kaibin, and C. Hyukjin, “Energy Efficient Mobile Cloud Computing Powered by Wireless Energy Transfer - IEEE Journals & Magazine,” Sci. World J., vol. 34, no. 5, pp. 1757–1771, 2016.
[17] C. Stergiou, K. E. Psannis, B. G. Kim, and B. Gupta, “Secure integration of IoT and Cloud Computing,” Futur. Gener. Comput. Syst., vol. 78, pp. 964–975, Jan. 2018.
[18] R. Vadra, “Knowledge Economy in BRICS: a Case of South Africa,” J. Knowl. Econ., vol. 8, no. 4, pp. 1229–1240, Dec. 2017.
[19] Forbs, “Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon,” 2016.
[20] C. Weir, A. Rashid, and J. Noble, “Challenging software developers: dialectic as a foundation for security assurance techniques,” J. Cybersecurity, vol. 6, no. 1, pp. 1–16, 2020.
[21] A. Alhazmi and N. A. G. Arachchilage, “I’m all ears! Listening to software developers on putting GDPR principles into software development practice,” Pers. Ubiquitous Comput., vol. 25, no. 5, pp. 879–892, Oct. 2021.
[22] Veracode, “State of Software Security Volume 9,” 2018.
[23] J. Xie, H. R. Lipford, and B. Chu, “Why do programmers make security errors?,” in Proceedings - 2011 IEEE Symposium on Visual Languages and Human Centric Computing, VL/HCC 2011, 2011, pp. 161–164.
[24] M. Graff and K. Van-Wyk R., Secure coding : principles and practices. O’Reilly, 2003.
[25] A. J. Ko and B. A. Myers, “A framework and methodology for studying the causes of software errors in programming systems,” J. Vis. Lang. Comput., vol. 16, no. 1–2, pp. 41–84, Feb. 2005.
[26] H. Assal and S. Chiasson, “‘Think secure from the beginning’: A survey with software developers,” Conf. Hum. Factors Comput. Syst. - Proc., May 2019.
[27] T. H. Morris, “Experiential learning – a systematic review and revision of Kolb’s model,” Interact. Learn. Environ., vol. 28, no. 8, pp. 1064–1077, Nov. 2019.
