ABSTRACT
Learning software security has become a more complex and difficult task today than it was even a decade ago. With the increased complexity of computer systems and the variety of applications, it is hard for software developers to master the expertise required to deal with the many security concepts, methods, and technologies that software projects demand. Although a large number of security learning materials are widely available in books, the open literature, and on the Internet, learners find it difficult to understand the rationale behind security topics and to correlate the concepts with real software scenarios. We argue that the traditional approach, which usually organizes knowledge content topically and in a security-centric way, is not suitable for motivating learners or stimulating their interest. To tackle this learning issue, our research focuses on forging a contextualized learning environment for software security in which learners can explore security knowledge and relate it to a context they are familiar with. This learning system is developed based on our proposed context-based learning approach and on ontological technologies. In this paper, we present our evaluation study in the open source software (OSS) development environment. Our results demonstrate that contextualized learning can help OSS developers identify the security information they need, improve learning efficiency, and make security knowledge more meaningful for their software development tasks.