Title: Exercise Perceptions: Experience Report from a Secure Software Development Course
The ubiquitous use of software in critical systems necessitates integrating cybersecurity concepts into the software engineering curriculum so that students studying software engineering have adequate knowledge to securely develop software projects, which could potentially secure critical systems. An experience report of developing and conducting a course can help educators to gain an understanding of student preferences on topics related to secure software development. We provide an experience report related to the ‘Secure Software Development’ course conducted at Tennessee Technological University. We discuss student motivations, as well as positive and negative perceptions of students towards exercises. Based on our findings, we recommend that educators integrate real-world exercises into a secure software development course with careful consideration of tool documentation, balance in exercise diversity, and student background.
Award ID(s):
2026869
PAR ID:
10293099
Editor(s):
Paiva, A.C.R.; Cavalli, A.R.; Ventura, Martins P.; Perez-Castillo, R.
Journal Name:
Quality of Information and Communications Technology (QUATIC) 2021
Volume:
1439
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Students’ experience with software testing in undergraduate computing courses is often relatively shallow, as compared to the importance of the topic. This experience report describes introducing industrial-strength testing into CMPSC 156, an upper division course in software engineering at UC Santa Barbara. We describe our efforts to modify our software engineering course to introduce rigorous test-coverage requirements into full-stack web development projects, requirements similar to those the authors had experienced in a professional software development setting. We present student feedback on the course and coverage metrics for the projects. We reflect on what about these changes worked (or didn’t), and provide suggestions for other instructors that would like to give their students a deeper experience with software testing in their software engineering courses.
  2. Ensuring software security is a critical task for a deliverable software system in today’s world, and its proper implementation guarantees the quality and security of the information ingested, stored, and processed by the system. It is imperative to introduce computer science and computer engineering (CS/CE) students to secure software design practices early in their curriculum. This approach will help them understand fundamentals of secure programming, vulnerabilities in software systems, and secure software development before joining the industry workforce. In this paper, we propose an educational framework that integrates software security concepts in a software engineering design course. We envision that the framework will engage CS/CE students in applying security principles and practices in different phases of the software development life cycle (SDLC) process. Our work focuses on review of common security requirements, policies, and mechanisms related to specific use cases as well as how those requirements are defined during the software design.
  3. Practical, hands-on experience is an essential component of computer science and engineering education, especially in the cybersecurity domain. In this project, we are investigating techniques for improving student learning in such courses, first by developing a new hands-on hardware security course, then by testing the impact of gamification on student learning. The experiments utilize only inexpensive, open-source or freely-available software and hardware, and upon project completion, the modules themselves will also be made freely available online. Improving student learning in this critical area can have a wide-spread positive societal impact as we encourage students to have a security-first, secure-by-design mindset. 
  4. Lack of security expertise among software practitioners is a problem with many implications. First, there is a deficit of security professionals to meet current needs. Additionally, even practitioners who do not plan to work in security may benefit from an increased understanding of security. The goal of this paper is to aid software engineering educators in designing a comprehensive software security course by sharing an experience running a software security course for the eleventh time. Through all the eleven years of running the software security course, the course objectives have been comprehensive -- ranging from security testing, to secure design and coding, to security requirements to security risk management. For the first time in this eleventh year, a theme of the course assignments was to map vulnerability discovery to the security controls of the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). Based upon student performance on a final exploratory penetration testing project, this mapping may have increased students' depth of understanding of a wider range of security topics. The students efficiently detected 191 unique and verified vulnerabilities of 28 different Common Weakness Enumeration (CWE) types during a three-hour period in the OpenMRS project, an electronic health record application in active use.
  5. Recent advances in computer hardware and software, particularly the availability of machine learning (ML) libraries, allow the introduction of data-based topics such as ML into the biophysical curriculum for undergraduate and graduate levels. However, there are many practical challenges of teaching ML to advanced level students in biophysics majors, who often do not have a rich computational background. Aiming to overcome such challenges, we present an educational study, including the design of course topics, pedagogic tools, and assessments of student learning, to develop the new methodology to incorporate the basis of ML in an existing biophysical elective course and engage students in exercises to solve problems in an interdisciplinary field. In general, we observed that students had ample curiosity to learn and apply ML algorithms to predict molecular properties. Notably, feedback from the students suggests that care must be taken to ensure student preparations for understanding the data-driven concepts and fundamental coding aspects required for using ML algorithms. This work establishes a framework for future teaching approaches that unite ML and any existing course in the biophysical curriculum, while also pinpointing the critical challenges that educators and students will likely face.