Teaching secure coding for beginning programmers

  • Authors: Kenneth A. Williams; Xiaohong Yuan; Huiming Yu; Kelvin Bryant
  • Affiliations: North Carolina A&T State University, Greensboro, NC (all authors)
  • Venue: Journal of Computing Sciences in Colleges
  • Year: 2014

Abstract

The recent addition of the Information Assurance and Security (IAS) Knowledge Area (KA) to the ACM/IEEE draft Computer Science Curricula 2013 indicates the importance of preparing computer science graduates to design and implement secure software. We have identified material in the Information Assurance and Security/Defensive Programming KA that can easily be taught to beginning programmers. In this paper, we recommend secure coding topics based on our experience in teaching secure coding in CS0/CS1 courses. We discuss how these topics can be mapped to IAS Knowledge Areas, as well as the unique challenges of teaching secure coding to beginning programmers. We also point out some behaviors of beginning programmers leading to insecure programs that may need the instructor's attention. The information reported in this paper will help other computer science educators to incorporate secure coding into their CS0/CS1 courses. Our future work includes designing more assessment tools to evaluate beginning programmers' learning of secure coding.