English

Raising Secure Coding Awareness for Software Developers in the Industry

Software Engineering 2021-02-23 v1

Abstract

Many industrial IT security standards and policies mandate the usage of a secure coding methodology in the software development process. This implies two different aspects: first, secure coding must be based on a set of secure coding guidelines, and second software developers must be aware of these secure coding practices. On the one side, secure coding guidelines seems a bit like a black-art: while there exist abstract guidelines that are widely accepted, low-level secure coding guidelines for different programming languages are scarce. On the other side, once a set of secure coding guidelines is chosen, a good methodology is needed to make them known by the people which should be using them, i.e. software developers. Motivated both by the secure coding requirements from industry standards and also by the mandate to train staff on IT security by the global industry initiative "Charter of Trust", this paper presents an overview of important research questions on how to choose secure coding guidelines and on how to raise software developer awareness for secure coding using serious games.

Keywords

Cite

@article{arxiv.2102.10431,
  title  = {Raising Secure Coding Awareness for Software Developers in the Industry},
  author = {Tiago Espinha Gasiba and Ulrike Lechner},
  journal= {arXiv preprint arXiv:2102.10431},
  year   = {2021}
}

Comments

Preprint accepted for publication at the 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW)

R2 v1 2026-06-23T23:21:38.311Z