Is Secure Coding Education in the Industry Needed?: An Investigation Through a Large Scale Survey
Siemens AG, DEU.
Univ Bundeswehr Munchen, DEU.
Inst Univ Lisboa ISCTE IUL, PRT.
Blekinge Institute of Technology, Faculty of Computing, Department of Software Engineering. ORCID iD: 0000-0003-0619-6027
2021 (English). In: 2021 IEEE/ACM 43RD INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: JOINT TRACK ON SOFTWARE ENGINEERING EDUCATION AND TRAINING (ICSE-JSEET 2021), IEEE COMPUTER SOC, 2021, p. 241-252. Conference paper, Published paper (Refereed)
Abstract [en]

The Department of Homeland Security in the United States estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding. The financial impact of these vulnerabilities has been shown to exceed 380 million USD in industrial control systems alone. Since software developers write software, they also introduce these vulnerabilities into the source code. However, secure coding guidelines exist to prevent software developers from writing vulnerable code. This study focuses on the human factor, the software developer, and secure coding, in particular secure coding guidelines. We want to understand the software developers' awareness and compliance to secure coding guidelines and why, if at all, they aren't compliant or aware. We base our results on a large-scale survey on secure coding guidelines, with more than 190 industrial software developers. Our work's main contribution motivates the need to educate industrial software developers on secure coding guidelines, and it gives a list of fifteen actionable items to be used by practitioners in the industry. We also make our raw data openly available for further research.

Place, publisher, year, edition, pages
IEEE COMPUTER SOC, 2021. p. 241-252
Series
Proceedings - International Conference on Software Engineering, ISSN 0270-5257, E-ISSN 1558-1225 ; 43
Keywords [en]
education; training; industry; secure coding guidelines; software developers; awareness; survey
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-22283
DOI: 10.1109/ICSE-SEET52601.2021.00034
ISI: 000704136000026
ISBN: 978-0-7381-3320-1 (print)
OAI: oai:DiVA.org:bth-22283
DiVA, id: diva2:1608824
Conference
43rd IEEE/ACM International Conference on Software Engineering - Joint Track on Software Engineering Education and Training (ICSE-JSEET) / IEEE/ACM 43rd International Conference on Software Engineering - Software Engineering in Society (ICSE-SEIS), Online, MAY 25-28, 2021
Note

open access

Available from: 2021-11-04 Created: 2021-11-04 Last updated: 2022-12-02. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text
arXiv.org

Authority records

Mendez, Daniel
