Towards developer-centered secure coding training

Vladislav Pikulin; Daiki Kubo; Kaveesha Nissanka; Sadeeptha Bandara; Muhammad A. Shamsiemon; Arissha Yasmin; Asangi Jayatilaka; Anuradha Madugalla; Tanjila Kanij

doi:10.1109/ASEW60602.2023.00008

Towards developer-centered secure coding training

Vladislav Pikulin, Daiki Kubo, Kaveesha Nissanka, Sadeeptha Bandara, Muhammad A. Shamsiemon, Arissha Yasmin, Asangi Jayatilaka, Anuradha Madugalla, Tanjila Kanij

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

2 Citations (Scopus)

Abstract

Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.

Original language	English
Title of host publication	Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023
Editors	Mohan Baruwal Chhetri, Xiao Liu, Marthie Grobler, Thuong Hoang, Karen Renaud, Chetan Arora
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	24-31
Number of pages	8
ISBN (Electronic)	9798350330328
ISBN (Print)	9798350330335
DOIs	https://doi.org/10.1109/ASEW60602.2023.00008
Publication status	Published - 2023
Event	Workshop on Human-Centric Software Engineering and Cyber Security 2023 - Echternach, Luxembourg Duration: 11 Sept 2023 → 11 Sept 2023 https://ieeexplore.ieee.org/xpl/conhome/10298259/proceeding (Proceedings) https://conf.researchr.org/track/ase-2023/ase-2023--workshop--hcse-cs? (Website)

Conference

Conference	Workshop on Human-Centric Software Engineering and Cyber Security 2023
Abbreviated title	HCSE-CS 2023
Country/Territory	Luxembourg
City	Echternach
Period	11/09/23 → 11/09/23
Internet address	https://ieeexplore.ieee.org/xpl/conhome/10298259/proceeding (Proceedings) https://conf.researchr.org/track/ase-2023/ase-2023--workshop--hcse-cs? (Website)

Keywords

Cybersecurity
Developers
Diversity
Human Aspects
Programming
Secure Coding
Training

Access to Document

10.1109/ASEW60602.2023.00008

Cite this

Pikulin, V., Kubo, D., Nissanka, K., Bandara, S., Shamsiemon, M. A., Yasmin, A., Jayatilaka, A., Madugalla, A., & Kanij, T. (2023). Towards developer-centered secure coding training. In M. Baruwal Chhetri, X. Liu, M. Grobler, T. Hoang, K. Renaud, & C. Arora (Eds.), Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023 (pp. 24-31). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ASEW60602.2023.00008

Pikulin, Vladislav ; Kubo, Daiki ; Nissanka, Kaveesha et al. / Towards developer-centered secure coding training. Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023. editor / Mohan Baruwal Chhetri ; Xiao Liu ; Marthie Grobler ; Thuong Hoang ; Karen Renaud ; Chetan Arora. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2023. pp. 24-31

@inproceedings{b7164430c6974fc19c462edfcedf89ec,

title = "Towards developer-centered secure coding training",

abstract = "Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.",

keywords = "Cybersecurity, Developers, Diversity, Human Aspects, Programming, Secure Coding, Training",

author = "Vladislav Pikulin and Daiki Kubo and Kaveesha Nissanka and Sadeeptha Bandara and Shamsiemon, {Muhammad A.} and Arissha Yasmin and Asangi Jayatilaka and Anuradha Madugalla and Tanjila Kanij",

note = "Funding Information: Anuradha Madugalla and Tanjila Kanij are supported by ARC Laureate Fellowship FL190100035. We thank all the participants who participated in the survey and interviews. Publisher Copyright: {\textcopyright} 2023 IEEE.; Workshop on Human-Centric Software Engineering and Cyber Security 2023, HCSE-CS 2023 ; Conference date: 11-09-2023 Through 11-09-2023",

year = "2023",

doi = "10.1109/ASEW60602.2023.00008",

language = "English",

isbn = "9798350330335",

pages = "24--31",

editor = "{Baruwal Chhetri}, Mohan and Xiao Liu and Marthie Grobler and Thuong Hoang and Karen Renaud and Chetan Arora",

booktitle = "Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

url = "https://ieeexplore.ieee.org/xpl/conhome/10298259/proceeding, https://conf.researchr.org/track/ase-2023/ase-2023--workshop--hcse-cs?",

}

Pikulin, V, Kubo, D, Nissanka, K, Bandara, S, Shamsiemon, MA, Yasmin, A, Jayatilaka, A, Madugalla, A & Kanij, T 2023, Towards developer-centered secure coding training. in M Baruwal Chhetri, X Liu, M Grobler, T Hoang, K Renaud & C Arora (eds), Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023. IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 24-31, Workshop on Human-Centric Software Engineering and Cyber Security 2023, Echternach, Luxembourg, 11/09/23. https://doi.org/10.1109/ASEW60602.2023.00008

Towards developer-centered secure coding training. / Pikulin, Vladislav; Kubo, Daiki; Nissanka, Kaveesha et al.
Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023. ed. / Mohan Baruwal Chhetri; Xiao Liu; Marthie Grobler; Thuong Hoang; Karen Renaud; Chetan Arora. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2023. p. 24-31.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Towards developer-centered secure coding training

AU - Pikulin, Vladislav

AU - Kubo, Daiki

AU - Nissanka, Kaveesha

AU - Bandara, Sadeeptha

AU - Shamsiemon, Muhammad A.

AU - Yasmin, Arissha

AU - Jayatilaka, Asangi

AU - Madugalla, Anuradha

AU - Kanij, Tanjila

N1 - Funding Information: Anuradha Madugalla and Tanjila Kanij are supported by ARC Laureate Fellowship FL190100035. We thank all the participants who participated in the survey and interviews. Publisher Copyright: © 2023 IEEE.

PY - 2023

Y1 - 2023

N2 - Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.

AB - Software security continues to be a matter of concern for both end-users and developers, with the cost of potential lapses expected to become larger as software plays a larger role in society. Despite investments in secure coding training programmes, organisations are not achieving the expected success rate. An often overlooked reason for this among many others is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects. In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training, their expectations from and challenges with such a training program. The findings suggest that developers with personality traits of agreeableness tend to ignore secure coding standards. Additionally, developers with higher work experience tend to demand storage management, responsible use of privileges, security and privacy laws and testing topics to be included in the secure coding training. Furthermore, in terms of training structure, developers with higher openness tend to demand hands-on training to be included. The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programs that would address the needs of developers from different backgrounds.

KW - Cybersecurity

KW - Developers

KW - Diversity

KW - Human Aspects

KW - Programming

KW - Secure Coding

KW - Training

UR - http://www.scopus.com/inward/record.url?scp=85178518685&partnerID=8YFLogxK

U2 - 10.1109/ASEW60602.2023.00008

DO - 10.1109/ASEW60602.2023.00008

M3 - Conference Paper

AN - SCOPUS:85178518685

SN - 9798350330335

SP - 24

EP - 31

BT - Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023

A2 - Baruwal Chhetri, Mohan

A2 - Liu, Xiao

A2 - Grobler, Marthie

A2 - Hoang, Thuong

A2 - Renaud, Karen

A2 - Arora, Chetan

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - Workshop on Human-Centric Software Engineering and Cyber Security 2023

Y2 - 11 September 2023 through 11 September 2023

ER -

Pikulin V, Kubo D, Nissanka K, Bandara S, Shamsiemon MA, Yasmin A et al. Towards developer-centered secure coding training. In Baruwal Chhetri M, Liu X, Grobler M, Hoang T, Renaud K, Arora C, editors, Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2023. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2023. p. 24-31 doi: 10.1109/ASEW60602.2023.00008

Towards developer-centered secure coding training

Abstract

Conference

Keywords

Access to Document

Other files and links

HCMDSE: Human-centric Model-driven Software Engineering

Cite this

Towards developer-centered secure coding training

Abstract

Conference

Keywords

Access to Document

Other files and links

Projects

HCMDSE: Human-centric Model-driven Software Engineering

Cite this