Volume 12, Number 08, May 2022
TRAC: An Approach to Teaching Security-Aware Programming in Undergraduate Computer Science Courses
Authors
Rochelle Elva, Rollins College, USA
Abstract
The unfortunate list of software failures, attacks, and other software disasters has made it apparent that software engineers need to produce reliable code. The Department of Homeland Security reports that 90% of software exploits are due to vulnerabilities resulting from defects in code. These defects are easy to exploit. They are potentially dangerous as they create software vulnerabilities that allow hackers to attack software, preventing it from working or compromising sensitive data. Thus, these defects need to be addressed as part of any effort to secure software. An effective strategy for addressing security-related code defects is to use defensive programming methods like security-aware programming. This paper presents TRAC, an approach to teaching security-aware programming. The acronym stands for Teach, Revisit, Apply and Challenge. The paper also describes the implementation of the approach and the results of a small case study (n = 21) in a senior-level elective course.
Keywords
Security-Aware Programming, Secure Coding, Software Security, Teaching Secure Coding.