Cybersecurity games for secure programming education in the industry: gameplay analysis

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges....

ver descrição completa

Detalhes bibliográficos
Autor principal: Gasiba, Tiago (author)
Outros Autores: Lechner, Ulrike (author), Rezabek, Filip (author), Pinto-Albuquerque, M. (author)
Formato: conferenceObject
Idioma:eng
Publicado em: 2020
Assuntos:
education
training
secure coding
industry
cybersecurity
capture-the-flag
game analysis
cybersecurity challenge
Texto completo:http://hdl.handle.net/10071/20900
País:Portugal
Oai:oai:repositorio.iscte-iul.pt:10071/20900
Descrição
Resumo:To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study.

Registros relacionados