Cybersecurity games for secure programming education in the industry: gameplay analysis

To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges....

Full description

Bibliographic Details
Main Author: Gasiba, Tiago (author)
Other Authors: Lechner, Ulrike (author), Rezabek, Filip (author), Pinto-Albuquerque, M. (author)
Format: conferenceObject
Language:eng
Published: 2020
Subjects:
education
training
secure coding
industry
cybersecurity
capture-the-flag
game analysis
cybersecurity challenge
Online Access:http://hdl.handle.net/10071/20900
Country:Portugal
Oai:oai:repositorio.iscte-iul.pt:10071/20900
Description
Summary:To minimize the possibility of introducing vulnerabilities in source code, software developers may attend security awareness and secure coding training. From the various approaches of how to raise awareness and adherence to coding standards, one promising novel approach is Cybersecurity Challenges. However, in an industrial setting, time is a precious resource, and, therefore, one needs to understand how to optimize the gaming experience of Cybersecurity Challenges and the effect of this game on secure coding skills. This work identifies the time spent solving challenges of different categories, analyzes gaming strategies in terms of a slow and fast team profile, and relates these profiles to the game success. First results indicate that the slow strategy is more successful than the fast approach. The authors also analyze the possible implications in the design and the training of secure coding in an industrial setting by means of Cybersecurity Challenges. This work concludes with a brief overview of its limitations and next steps in the study.

Similar Items