1 research outputs found
Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses
Security bugs are errors in code that, when exploited, can lead to serious
software vulnerabilities. These bugs could allow an attacker to take over an
application and steal information. One of the ways to address this issue is by
means of awareness training. The Sifu platform was developed in the industry,
for the industry, with the aim to raise software developers' awareness of
secure coding. This paper extends the Sifu platform with three challenges that
specifically address embedded programming courses, and describes how to
implement these challenges, while also evaluating the usefulness of these
challenges to raise security awareness in an academic setting. Our work
presents technical details on the detection mechanisms for software
vulnerabilities and gives practical advice on how to implement them. The
evaluation of the challenges is performed through two trial runs with a total
of 16 participants. Our preliminary results show that the challenges are
suitable for academia, and can even potentially be included in official
teaching curricula. One major finding is an indicator of the lack of awareness
of secure coding by undergraduates. Finally, we compare our results with
previous work done in the industry and extract advice for practitioners.Comment: Preprint accepted for publication at the First International
Conference on Code Quality (ICCQ 2021