Secure Coding for Software Developers
Software security continues to be a matter of concern for both end-users and developers. The cost of potential lapses is expected to become larger as software plays a larger role in society. Organisations are not achieving the expected success rate despite investments in secure coding training programmes. An often overlooked reason for this, among many others, is that current training programmes are not tailored to consider the diversity among software developers as it relates to human aspects.
In this research, data was gathered from software developers of various backgrounds on their perceptions of secure coding training and their needs for such a training programme. Barriers that software developers may encounter when learning from these programmes were also considered. The findings of this paper suggest that developers with the personality trait of agreeableness tend to ignore secure coding standards.
Additionally, developers with more work experience tend to demand that storage management, responsible use of privileges, security and privacy laws, and testing be included as topics in secure coding training. Furthermore, in terms of training structure, developers with the personality trait of openness tend to demand that hands-on training be included.
Finally, regarding work experience, there is an increasing demand for storage management, responsible use of privileges, security and privacy laws and testing topics to be taught as the years of work experience increase.
The study's findings seek to inform future researchers and organisations on factors to consider when designing adaptive secure coding programmes that address the needs of developers from different backgrounds.
Paper: Toward Developer-Centered Secure Coding Training
Project Lead
Dr Anuradha Madugalla
Project Team
Dr Tanjila Kanij, Dr Asangi Jayatilaka, FIT4003 student team (Arissha Redzuan, Daiki Kubo, Vladislav Pikulin, Muhammad Shamsiemon, Sadeeptha Bandara, Kaveesha Nissanka)
