"I Don't Know Too Much About It": On the Security Mindsets of Computer Science Students

Cited by: 6
Authors
Tahaei, Mohammad [1 ]
Jenkins, Adam [1 ]
Vaniea, Kami [1 ]
Wolters, Maria [1 ]
Affiliations
[1] Univ Edinburgh, Sch Informat, Edinburgh, Midlothian, Scotland
Source
SOCIO-TECHNICAL ASPECTS IN SECURITY AND TRUST, STAST 2019 | 2021 / Vol. 11739
Keywords
Usable security; Secure programming; Computer science students; Software developers; Software development; Education; MENTAL MODELS; INTERNSHIPS; DEVELOPERS; PRIVACY;
DOI
10.1007/978-3-030-55958-8_2
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other people's code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.
Pages: 27-46
Number of pages: 20