Towards developer-centered secure coding training

Vladislav Pikulin, Daiki Kubo, Kaveesha Nissanka, Sadeeptha Bandara, Muhammad A. Shamsiemon, Arissha Yasmin, Asangi Jayatilaka, Anuradha Madugalla, Tanjila Kanij

Research output: Chapter in Book/Report/Conference proceeding > Conference Paper > Research > peer-review

Abstract

Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.

Original language: English
Title of host publication: Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
Editors: Mohan Baruwal Chhetri, Xiao Liu, Marthie Grobler, Thuong Hoang, Karen Renaud, Chetan Arora
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 24-31
Number of pages: 8
ISBN (Electronic): 9798350330328
ISBN (Print): 9798350330335
Publication status: Published - 2023
Event: Workshop on Human-Centric Software Engineering and Cyber Security 2023 - Echternach, Luxembourg
Duration: 11 Sept 2023 - 11 Sept 2023
https://ieeexplore.ieee.org/xpl/conhome/10298259/proceeding (Proceedings)
https://conf.researchr.org/track/ase-2023/ase-2023--workshop--hcse-cs? (Website)

Conference

Conference: Workshop on Human-Centric Software Engineering and Cyber Security 2023
Abbreviated title: HCSE-CS 2023
Country/Territory: Luxembourg
City: Echternach
Period: 11/09/23 - 11/09/23

Keywords

  • Cybersecurity
  • Developers
  • Diversity
  • Human Aspects
  • Programming
  • Secure Coding
  • Training
