Discipline: Computer Sciences and Information Management
Subcategory: Computer Science & Information Systems
Darrion Long - Lincoln University
Co-Author(s): Xiaohong Yuan, North Carolina Agricultural and Technical State Univeristy, Greensboro, NC
How can secure coding be taught at the undergraduate level? Due to the recent surge of attacks in the cyber world it is now time to ask how we may prepare a new generation of programmers to deal with handling the rigorous demand of the nonfunctional requirements of security in software. If current curriculums of computer science and related fields are preparing students using a security-focused paradigm and practices, then students would be able to handle the challenges of security requirements of the software industry. The undergraduate level must address the lack of security taught. A population of universities offers specialized undergraduate curriculums emphasizing in cybersecurity or information assurance to give students the insight and skills to discuss the nonfunctional security requirements in the area of programming and networking. As opposed to standard curriculums where of computer science and related fields have students discuss security at junior and senior level courses, so students are unaware how to adopt secure and robust practices into their programming habits to form a safe software engineering process.
The research consists of reviewing work to determine effective methods to bring to the undergraduate curriculum to allow students to understand the application of security towards the knowledge and expectations of their degree. The practices of secure coding, i.e., addressing dangling pointers and avoiding buffer overflows, can shift students’ paradigm of focusing only on developing functional requirements to secure development of functional requirements. Also, students would undergo testing and verification practices of various practices to ensure that their software is secure.
Secure coding practices at the undergraduate level can help students emphasize secure and robust programming habits to make them an efficient programmer whom can avoid issues of exploitable vulnerabilities and weaknesses within the programming structure. Future work to be considered would be implementing the practices within an undergraduate curriculum to survey the students’ knowledge and application of practices to ensure comfortability in secure software development.
Funder Acknowledgement(s): Minority Serving Institutions Partnership Program (MSIPP)
Faculty Advisor: Dr. David Heise, heised@lincolnu.edu
Role: This focus of the undergraduate thesis was done by communicating with co-author, Dr. Xiaohong Yuan from North Carolina Agricultural and Technical State University. The faculty mentor Dr. David Heise whom I would meet with to conduct a weekly meeting to report my findings and status updates of the undergraduate thesis that I communicated with Dr. Yuan. Also, my responsibility included the research of various papers of related topics of teaching secure software engineering to be included in the undergraduate thesis as references.