Evaluating Secure Programming Knowledge
M. Bishop, J. Dai, M. Dark, I. Ngambeki, P. Nico, and M. Zhu, “Evaluating Secure Programming Knowledge,” Proceedings of the 10th World Conference on Information Security Education pp. 51–62 (May 2017).
- Published version web page, paper paywalled at Springer: [DOI] [URL]
- Authors’ final version:
Secure programming is a widely used term for programming robustly. Applying the principles and methodologies of this style of programming would significantly improve the quality of software in use today. Teaching students how to program robustly, or securely, is a first step towards this goal. This paper presents a concept map for secure programming and then some questions used to evaluate students’ knowledge of this subject. These questions have been given both before and after a term of programming, computer security, and other classes that cover this subject. In this paper, we discuss how the questions reveal the students’ understanding of material in the concept map, and what erroneous ideas the questions reveal.