Motivating secure coding practices in a freshman-level programming course
2014
Proceedings of the 2014 Information Security Curriculum Development Conference on - InfoSec '14
The approach described in this paper seeks to motivate computer science students to write secure code almost from the very beginning by focusing on concrete examples of common software vulnerabilities ...
real-world examples in secure app development in their programming courses at any level. ...
their understanding, ability and performance at developing secure code in later courses. ...
doi:10.1145/2670739.2670749
dblp:conf/infoseccd/PayneW14
fatcat:fyyaj2c37zfwvkfxut2nnegznu
A Framework for a Multi-Layered Security of an Automated Programming Code Assessment Tool
2015
Journal of Computer Science
In this research, we introduce the architecture for a multi-layered security of automated assessment of programming code. First, we review the existing research studies in the area. ...
In a learning environment, a low student-lecturer ratio is considered a practical solution by many educational institutions. ...
Author's Contributions All authors equally contributed in this work.
Ethics This article is original and contains unpublished material. ...
doi:10.3844/jcssp.2015.406.415
fatcat:mgqpnto4nnc2fhlwhinrrftv2u
An Empirical Study of C++ Vulnerabilities in Crowd-Sourced Code Examples
[article]
2021
arXiv
pre-print
This paper aims to understand the nature and the prevalence of security vulnerabilities in crowd-sourced code examples. ...
To achieve this goal, we investigate security vulnerabilities in the C++ code snippets shared on Stack Overflow over a period of 10 years. ...
A group meeting of 12 graduate students who previously had system and/or software security courses at graduate level finalized the first round of review. ...
arXiv:1910.01321v2
fatcat:ul4ntfmygzdvpl7lhbkr56idaa
Blindspots in Python and Java APIs Result in Vulnerable Code
[article]
2021
arXiv
pre-print
developers recognize blindspots in APIs as they write code that uses those APIs. ...
Blindspots in APIs can cause software engineers to introduce vulnerabilities, but such blindspots are, unfortunately, common. ...
[102] conducted interviews with professional developers to understand secure coding practices. ...
arXiv:2103.06091v1
fatcat:nu7xxtcjljgo7k3dnqr5yu4hsi
Ranking Secure Coding Guidelines for Software Developer Awareness Training in the Industry
2020
International Computer Programming Education Conference
In this work, we devise a method, based on publicly available real-world vulnerability databases and secure coding guideline databases, to rank important secure coding guidelines based on defined industry-relevant ...
Furthermore, we do a small comparison study by asking computer science students from university on how they rank the importance of secure coding guidelines and compare the outcome to our results. ...
study between real-world data and student perception of ranking of secure coding guidelines
Related Work In industry several IT security standards, e.g ...
doi:10.4230/oasics.icpec.2020.11
dblp:conf/icpec/GasibaLCZ20
fatcat:gkp6bnl6xnd23kquwadglsy6ru
Method and utility for recovering code algorithms of telecommunication devices for vulnerability search
2014
16th International Conference on Advanced Communication Technology
The article describes a method for searching vulnerabilities in machine code based on the analysis of its algorithmized representation obtained with the help of a utility being a part of the method. ...
A forecast is given as to developing the method and the utility in the near future. ...
And thirdly, a doctoral research student at SPbSUT, Engr. Tiamiyu A. Osuolale from Nigeria, for his assistance in editing and translation of the article into the working language of the conference. ...
doi:10.1109/icact.2014.6778943
fatcat:2d3ofvcusbafza3gjxhvjorkd4
Software Quality and Security in Teachers' and Students' Codes When Learning a New Programming Language
2015
Interdisciplinary Journal of e-Skills and Lifelong Learning
that predicts whether a student or a teacher wrote a given code (resulting with a LOOCV kappa of 0.751). ...
– and that the students' codes are slightly better secured than the teachers' codes (although both populations show very low security levels). ...
It is important to emphasize that keeping in mind coding style was not a goal of the courses which the participant teachers/students took, nor was it learned during these courses. ...
doi:10.28945/2292
fatcat:gv7jrocxjbdxjokygfxwxjt23e
Counting Bugs is Harder Than You Think
2011
2011 IEEE 11th International Working Conference on Source Code Analysis and Manipulation
For instance, is a warning from a source code scanner a real bug, a false positive, or something else? ...
We review some SAMATE sub-projects: web application security scanners, malware research protocol, electronic voting systems, the SAMATE Reference Dataset, a public repository of thousands of example programs ...
In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available ...
doi:10.1109/scam.2011.24
dblp:conf/scam/Black11
fatcat:5v7d4szv4zgehf4tgzp2qaioou
UAS Pilots Code
2016
Collegiate Aviation Review International
Tools to advance UAS safety and professionalism Preface [Y]ou don't have to be a manned pilot to understand and embrace a safety culture. ...
In some cases certain systems will not function effectively in some environments and RPs need to understand those limitations and the subsequent risks they incur by proceeding. a. ...
"Code" - Code vs Code of Conduct: The term "Code" is a more concise version of the phrase "Code of Conduct" used in the ACI's earlier documents. ...
doi:10.22488/okstate.18.100485
fatcat:iwu4fsbc7resjllt7bghvt3sde
Anti-Patterns in Infrastructure as Code
2018
2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST)
We also identify 9 security anti-patterns i.e. coding patterns that are indicative of security weaknesses. ...
The goal of this thesis is to help practitioners in increasing quality of IaC scripts by identifying development and security anti-patterns in the development of infrastructure as code scripts. ...
- Wikimedia : Wikimedia We recruit students in a graduate course related to software engineering titled 'Software Security', via e-mail. ...
doi:10.1109/icst.2018.00057
dblp:conf/icst/Rahman18
fatcat:vrytux7oi5aatdr5cvg5bpuuee
Systemizers Are Better Code-Breakers: Self-Reported Systemizing Predicts Code-Breaking Performance in Expert Hackers and Naïve Participants
2016
Frontiers in Human Neuroscience
in information security and skilled performance in a prototypical hacking task (i.e., crypto-analysis or code-breaking). ...
They were also tested with behavioral tasks involving code-breaking and a control task involving security X-ray image interpretation. ...
ACKNOWLEDGMENTS This research was conducted in part fulfillment of IH's Honours degree. SB is supported by a Doctoral Studentship from Abertay University Graduate School. ...
doi:10.3389/fnhum.2016.00229
pmid:27242491
pmcid:PMC4868920
fatcat:pcrsgutdxbg7ri3aiwzr7qwt2i
Sensei: Enforcing secure coding guidelines in the integrated development environment
2020
Software, Practice & Experience
This empowers security experts in the team to distribute their knowledge in the form of guidelines and to monitor how well non-experts take up the knowledge. ...
Shift left in the approach to security. Many of the vulnerability scanning tools use complex control flow and data flow analyses to scan for vulnerabilities in the product. ...
ACKNOWLEDGEMENT The research by Pieter De Cremer at Ghent University and Secure Code Warrior is funded through a Baekeland mandate PhD grant from the Flanders Innovation and Entrepreneurship Agency (VLAIO ...
doi:10.1002/spe.2844
fatcat:yu3hekrinnb4nhrydmzswl3ama
Towards an ethical code for information security?
2008
Proceedings of the 2008 workshop on New security paradigms - NSPW '08
need a specialized code of ethics for the computer security field. ...
Most computer scientists reflexively reject the idea of a malicious universe due to its conflict with the dominant scientific paradigm of a non-teleological impartially disinterested universe. ...
of good will in the former vs. malice in the latter. ...
doi:10.1145/1595676.1595689
dblp:conf/nspw/GreenwaldSFT08
fatcat:q3zxhp2mencdbhmm6ccsggqcdi
Ethical Codes and Learning Analytics
2020
EDEN Conference Proceedings
Such codes of conduct are drawn from similar codes in other disciplines. Some authors assert that there are fundamental tenets common to all such codes. ...
At the same time, this increased capacity has raised a range of ethical issues. A common approach to address these issues is to develop an ethical code of conduct for practitioners. ...
In the case of legal requirements, the law compels you to behave in a certain way, with increasing penalties for non-compliance. ...
doi:10.38069/edenconf-2020-ac0003
fatcat:tvfzwgimzjhjdnojysyiqahjhu
Formal concept analysis model for static code analysis
2021
Carpathian Journal of Mathematics
In this paper we present a Formal Concept Analysis framework for static code analysis that can serve as a model for quantitative and qualitative exploration and interpretation of such results. ...
Tools that focus on static code analysis for early error detection are of utmost importance in software development, especially since the propagation of errors is strongly related to higher costs in the ...
We applied this model for Pylint, a static analysis tool for the Python language, and conducted a case study targeting student assignments for the Fundamentals of Programming first year course at the Babes ...
doi:10.37193/cjm.2022.01.13
fatcat:uaprexgrdfc3xl7wjm7ycmsly4