Motivating secure coding practices in a freshman-level programming course

Bryson R. Payne, Aaron R. Walker
2014 Proceedings of the 2014 Information Security Curriculum Development Conference on - InfoSec '14  
The approach described in this paper seeks to motivate computer science students to write secure code almost from the very beginning by focusing on concrete examples of common software vulnerabilities  ...  real-world examples in secure app development in their programming courses at any level.  ...  their understanding, ability and performance at developing secure code in later courses.  ... 
doi:10.1145/2670739.2670749 dblp:conf/infoseccd/PayneW14 fatcat:fyyaj2c37zfwvkfxut2nnegznu

A Framework for a Multi-Layered Security of an Automated Programming Code Assessment Tool

Mohd Fadzli Marhusin, Muhammad Firdaus Zul Kafli, Rossilawati Sulaiman, Shaharudin Ismail, Zul Hilmi Abdullah
2015 Journal of Computer Science  
In this research, we introduce the architecture for a multi-layered security of automated assessment of programming code. First, we review the existing research studies in the area.  ...  In a learning environment, a low student-lecturer ratio is considered a practical solution by many educational institutions.  ...  Author's Contributions All authors equally contributed in this work. Ethics This article is original and contains unpublished material.  ... 
doi:10.3844/jcssp.2015.406.415 fatcat:mgqpnto4nnc2fhlwhinrrftv2u

An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples [article]

Morteza Verdi, Ashkan Sami, Jafar Akhondali, Foutse Khomh, Gias Uddin, Alireza Karami Motlagh
2021 arXiv   pre-print
This paper aims to understand the nature and the prevalence of security vulnerabilities in crowd-sourced code examples.  ...  To achieve this goal, we investigate security vulnerabilities in the C++ code snippets shared on Stack Overflow over a period of 10 years.  ...  A group meeting of 12 graduate students who previously had system and/or software security courses at graduate level finalized the first round of review.  ... 
arXiv:1910.01321v2 fatcat:ul4ntfmygzdvpl7lhbkr56idaa

Blindspots in Python and Java APIs Result in Vulnerable Code [article]

Yuriy Brun, Tian Lin, Jessie Elise Somerville, Elisha Myers, Natalie C. Ebner
2021 arXiv   pre-print
developers recognize blindspots in APIs as they write code that uses those APIs.  ...  Blindspots in APIs can cause software engineers to introduce vulnerabilities, but such blindspots are, unfortunately, common.  ...  [102] conducted interviews with professional developers to understand secure coding practices.  ... 
arXiv:2103.06091v1 fatcat:nu7xxtcjljgo7k3dnqr5yu4hsi

Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry

Tiago Gasiba, Ulrike Lechner, Jorge Cuellar, Alae Zouitni, Alberto Simões, Ricardo Queirós, Filipe Portela, Mário Pinto
2020 International Computer Programming Education Conference  
In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant  ...  Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results.  ...  study between real-world data and student perception of ranking of secure coding guidelines Related Work In industry several IT security standards, e.g  ... 
doi:10.4230/oasics.icpec.2020.11 dblp:conf/icpec/GasibaLCZ20 fatcat:gkp6bnl6xnd23kquwadglsy6ru

Method and utility for recovering code algorithms of telecommunication devices for vulnerability search

Mikhail Buinevich, Konstantin Izrailov
2014 16th International Conference on Advanced Communication Technology  
The article describes a method for searching vulnerabilities in machine code based on the analysis of its algorithmized representation obtained with the help of a utility being a part of the method.  ...  A forecast is given as to developing the method and the utility in the near future.  ...  And thirdly, a doctoral research student at SPbSUT, Engr. Tiamiyu A. Osuolale from Nigeria, for his assistance in editing and translation of the article into the working language of the conference.  ... 
doi:10.1109/icact.2014.6778943 fatcat:2d3ofvcusbafza3gjxhvjorkd4

Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language

Shlomi Boutnaru, Arnon Hershkovitz
2015 Interdisciplinary Journal of e-Skills and Lifelong Learning  
that predicts whether a student or a teacher wrote a given code (resulting with a LOOCV kappa of 0.751).  ...  – and that the students' codes are slightly better secured than the teachers' codes (although both populations show very low security levels).  ...  It is important to emphasize that keeping in mind coding style was not a goal of the courses which the participant teachers/students took, nor was it learned during these courses.  ... 
doi:10.28945/2292 fatcat:gv7jrocxjbdxjokygfxwxjt23e

Counting Bugs is Harder Than You Think

Paul E. Black
2011 2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation  
For instance, is a warning from a source code scanner a real bug, a false positive, or something else?  ...  We review some SAMATE sub-projects: web application security scanners, malware research protocol, electronic voting systems, the SAMATE Reference Dataset, a public repository of thousands of example programs  ...  In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available  ... 
doi:10.1109/scam.2011.24 dblp:conf/scam/Black11 fatcat:5v7d4szv4zgehf4tgzp2qaioou

UAS Pilots Code

Kristy K. Kiernan, Donald W. Steinman, Ryan J. Wallace
2016 Collegiate Aviation Review International  
Tools to advance UAS safety and professionalism Preface [Y]ou don't have to be a manned pilot to understand and embrace a safety culture.  ...  In some cases certain systems will not function effectively in some environments and RPs need to understand those limitations and the subsequent risks they incur by proceeding. a.  ...  "Code" - Code vs Code of Conduct: The term "Code" is a more concise version of the phrase "Code of Conduct" used in the ACI's earlier documents.  ... 
doi:10.22488/okstate.18.100485 fatcat:iwu4fsbc7resjllt7bghvt3sde

Anti-Patterns in Infrastructure as Code

Akond Rahman
2018 2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST)  
We also identify 9 security anti-patterns i.e. coding patterns that are indicative of security weaknesses.  ...  The goal of this thesis is to help practitioners in increasing quality of IaC scripts by identifying development and security anti-patterns in the development of infrastructure as code scripts.  ...  - Wikimedia : Wikimedia We recruit students in a graduate course related to software engineering titled 'Software Security', via e-mail.  ... 
doi:10.1109/icst.2018.00057 dblp:conf/icst/Rahman18 fatcat:vrytux7oi5aatdr5cvg5bpuuee

Systemizers Are Better Code-Breakers: Self-Reported Systemizing Predicts Code-Breaking Performance in Expert Hackers and Naïve Participants

India Harvey, Samuela Bolgan, Daniel Mosca, Colin McLean, Elena Rusconi
2016 Frontiers in Human Neuroscience  
in information security and skilled performance in a prototypical hacking task (i.e., crypto-analysis or code-breaking).  ...  They were also tested with behavioral tasks involving code-breaking and a control task involving security X-ray image interpretation.  ...  ACKNOWLEDGMENTS This research was conducted in part fulfillment of IH's Honours degree. SB is supported by a Doctoral Studentship from Abertay University Graduate School.  ... 
doi:10.3389/fnhum.2016.00229 pmid:27242491 pmcid:PMC4868920 fatcat:pcrsgutdxbg7ri3aiwzr7qwt2i

Sensei: Enforcing secure coding guidelines in the integrated development environment

Pieter De Cremer, Nathan Desmet, Matias Madou, Bjorn De Sutter
2020 Software, Practice & Experience  
This empowers security experts in the team to distribute their knowledge in the form of guidelines and to monitor how well non-experts take up the knowledge.  ...  Shift left in the approach to security. Many of the vulnerability scanning tools use complex control flow and data flow analyses to scan for vulnerabilities in the product.  ...  ACKNOWLEDGEMENT The research by Pieter De Cremer at Ghent University and Secure Code Warrior is funded through a Baekeland mandate PhD grant from the Flanders Innovation and Entrepreneurship Agency (VLAIO  ... 
doi:10.1002/spe.2844 fatcat:yu3hekrinnb4nhrydmzswl3ama

Towards an ethical code for information security?

Steven J. Greenwald, Brian D. Snow, Richard Ford, Richard Thieme
2008 Proceedings of the 2008 workshop on New security paradigms - NSPW '08  
need a specialized code of ethics for the computer security field.  ...  Most computer scientists reflexively reject the idea of a malicious universe due to its conflict with the dominant scientific paradigm of a non-teleological impartially disinterested universe.  ...  of good will in the former vs. malice in the latter.  ... 
doi:10.1145/1595676.1595689 dblp:conf/nspw/GreenwaldSFT08 fatcat:q3zxhp2mencdbhmm6ccsggqcdi

Ethical Codes and Learning Analytics

Stephen Downes
2020 EDEN Conference Proceedings  
Such codes of conduct are drawn from similar codes in other disciplines. Some authors assert that there are fundamental tenets common to all such codes.  ...  At the same time, this increased capacity has raised a range of ethical issues. A common approach to address these issues is to develop an ethical code of conduct for practitioners.  ...  In the case of legal requirements, the law compels you to behave in a certain way, with increasing penalties for non-compliance.  ... 
doi:10.38069/edenconf-2020-ac0003 fatcat:tvfzwgimzjhjdnojysyiqahjhu

Formal concept analysis model for static code analysis

2021 Carpathian Journal of Mathematics  
In this paper we present a Formal Concept Analysis framework for static code analysis that can serve as a model for quantitative and qualitative exploration and interpretation of such results.  ...  Tools that focus on static code analysis for early error detection are of utmost importance in software development, especially since the propagation of errors is strongly related to higher costs in the  ...  We applied this model for Pylint, a static analysis tool for the Python language, and conducted a case study targeting student assignments for the Fundamentals of Programming first year course at the Babes  ... 
doi:10.37193/cjm.2022.01.13 fatcat:uaprexgrdfc3xl7wjm7ycmsly4