An official website of the United States government
Security failures in software arising from failures to practice secure programming are commonplace. Improving this situation requires that practitioners have a clear understanding of the foundational concepts in secure programming to serve as a basis for building new knowledge and responding to new challenges. We developed a Secure Programing Concept Inventory (SPCI) to measure students' understanding of foundational concepts in secure programming. The SPCI consists of thirty-five multiple choice items targeting ten concept areas of secure programming. The SPCI was developed by establishing the content domain of secure programming, developing a pool of test items, multiple rounds of testing and refining the items, and finally testing and inventory reduction to produce the final scale. Scale development began by identifying the core concepts in secure programming. A Delphi study was conducted with thirty practitioners from industry, academia, and government to establish the foundational concepts of secure programming and develop a concept map. To build a set of misconceptions in secure programming, the researchers conducted interviews with students and instructors in the field. These interviews were analyzed using content analysis. This resulted in a taxonomy of misconceptions in secure programming covering ten concept areas. An item pool of multiple-choice questions was developed. The item pool of 225 was administered to a population of 690 students across four institutions. Item discrimination and item difficulty scores were calculated, and the best performing items were mapped to the misconception categories to create subscales for each concept area resulting in a validated 35 item scale.
more »
« less
Measuring self-efficacy in secure programming
Computing students are not receiving enough education and practice in secure programming. A key part of being able to successfully implement secure programming practices is the development of secure programming self-efficacy. This paper examines the development of a scale to measure secure programming self-efficacy among students participating in a secure programming clinic (SPC). The results show that the secure programming self-efficacy scale is a reliable and useful measure that correlates satisfactorily with related measures of programming expertise. This measure can be used in secure programming courses and other learning environments to assess students’ secure programming efficacy.
more »
« less
- PAR ID:
- 10296440
- Date Published:
- Journal Name:
- Information Security Education for Cyber Resilience. WISE 2021. IFIP Advances in Information and Communication Technology
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Undergraduate programs in computer science (CS) face high dropout rates, and many students struggle while learning to program. Studies show that perceived programming ability is a significant factor in students' decision to major in CS. Fortunately, psychology research shows that promoting the growth mindset, or the belief that intelligence grows with effort, can improve student persistence and performance. However, mindset interventions have been less successful in CS than in other domains. We conducted a small-scale interview study to explore how CS students talk about their intelligence, mindsets, and programming behaviors. We found that students' mindsets rarely aligned with definitions in the literature; some present mindsets that combine fixed and growth attributes, while others behave in ways that do not align with their mindsets. We also found that students frequently evaluate their self-efficacy by appraising their programming intelligence, using surprising criteria like typing speed and ease of debugging to measure ability. We conducted a survey study with 103 students to explore these self-assessment criteria further, and found that students use varying and conflicting criteria to evaluate intelligence in CS. We believe the criteria that students choose may interact with mindsets and impact their motivation and approach to programming, which could help explain the limited success of mindset interventions in CS.more » « less
-
This paper explores a learning environment that may foster innovation in the engineering curriculum. In this study, the innovation self-efficacy of undergraduate environmental engineering students is explored in a target course before and after a curricular intervention which has been shown to have the potential to enhance innovation self-efficacy. A design mentor and an education mentor outside of the course supported the students through their engineering design process. During the start and end of this curricular intervention, a survey consisting of the Very Brief Innovation Self-Efficacy scale (ISE.5), the Innovation Interests scale (INI), and the Career Goals: Innovative Work scale (CGIW) was administered to measure students’ shift in: 1) Innovation Self-Efficacy, 2) Innovation Interests, and 3) Innovative Work. Formal feedback from the mentors was utilized in interpreting the survey outcomes. Results generated from this survey show a modest increase in innovation self-efficacy. Nevertheless, less impact was found compared to the previous year when innovation attitudes were weaker in the pre-survey.more » « less
-
null (Ed.)Undergraduate computer science (CS) programs often suffer from high dropout rates. Recent research suggests that self-efficacy -- an individual's belief in their ability to complete a task -- can influence whether students decide to persist in CS. Studies show that students' self-assessments affect their self-efficacy in many domains, and in CS, researchers have found that students frequently assess their programming ability based on their expectations about the programming process. However, we know little about the specific programming experiences that prompt the negative self-assessments that lead to lower self-efficacy. In this paper, we present findings from a survey study with 214 CS1 students from three universities. We used vignette-style questions to describe thirteen programming moments which may prompt negative self-assessments, such as getting syntax errors and spending time planning. We found that many students across all three universities reported that they negatively self-assess at each of the thirteen moments, despite the differences in curriculum and population. Furthermore, those who report more frequent negative self-assessments tend to have lower self-efficacy. Finally, our findings suggest that students' perceptions of professional programming practice may influence their expectations and negative self-assessments. By reducing the frequency that students self-assess negatively while programming, we may be able to improve self-efficacy and decrease dropout rates in CS.more » « less
- Free Publicly Accessible Full Text
-
Accepted Manuscript1.0
- Conference Paper:
- https://doi.org/10.1007/978-3-030-80865-5_6
