57 research outputs found

    Observing the Uptake of a Language Change Making Strings Immutable

    To address security concerns, a major change was introduced to the OCaml language and compiler which made strings immutable and introduced arrays of bytes as a replacement for mutable strings. The change is progressively being pushed so that ultimately strings will be immutable. We have investigated the way OCaml package developers undertook the change. In this paper we report on a preliminary observation of software code from the main OCaml package management system. For this purpose we instrumented versions of the OCaml compiler to get precise information into the uptake of safe strings

    Experience in using a typed functional language for the development of a security application

    In this paper we present our experience in developing a security application using a typed functional language. We describe how the formal grounding of its semantic and compiler have allowed for a trustworthy development and have facilitated the fulfillment of the security specification. Comment: In Proceedings F-IDE 2014, arXiv:1404.578

    Exploring the Modeling of Attack Strategies for STPA


    How Could Serious Games Support Secure Programming? Designing a Study Replication and Intervention

    While developing and deploying software continue to be more broadly accessible, so is the problem caused by these systems' security not being considered enough by their developers and maintainers. We propose to address this developer-centred security issue with serious games (games for which entertainment is not the main purpose) as a means to motivate developers to consider security threats when developing. We have developed a serious game around secure and non-secure programming exercises to investigate if serious gamification helps to improve attitudes or ability with secure programming. We detail the design choices of the game and how it relates to the programming tasks. In particular we present the design choices we made with the intention to replicate a prior study and discuss the tension that arose between replication and intervention. We discuss the results of a pilot study we conducted and present the steps we plan to take going forward into larger studies

    Transition from Passive Learner to Critical Evaluator through Peer-Testing of Programming Artefacts

    Offering timely feedback on programming while encouraging learners to engage in critical evaluation of programs are the objectives of peer-testing. We report on a peer-testing experiment with students on distant campuses using a Web platform. The experiment shows the potential that peer-testing has to help students transition from passive learners to critical evaluators. Keywords: Computer science education, peer testing, peer feedback, software testing, student transition