Preliminary Evaluation of an Ontology-Based Contextualized Learning System for Software Security

Learning software security is a big challenging task in the information technology sector due to the vast amount of security knowledge and the difficulties in understanding the practical applications. The traditional teaching and learning materials, which are usually organized topically and security-centric, have fewer linkages with learners' experience and prior knowledge that they bring to the learning sessions. Learners often do not associate vulnerabilities or coding practices with programs similar to what they were writing in their previous time. Consequently, their motivation for learning is not touched by conventional methods. The aim of this paper is the presentation of an ontology-based learning system for software security with contextualized learning approaches, and of the results of an initial evaluation using a controlled quasi-experiment in a university learning environment. This system facilitates the contextual learning process by providing contextualized access to security knowledge via real software application scenarios, in which learners can explore and relate the security knowledge to the context they are already familiar with. The experiment results show that the prototyped system with the proposed learning approach not only yields significant knowledge gain compared to the conventional learning approach but also gains better learning satisfaction of students