Visible to the public EDU: Deploying and Evaluating Secure Programming Education in the IDEConflict Detection Enabled

Project Details

Performance Period

Sep 15, 2015 - Aug 31, 2018


University of North Carolina at Charlotte

Award Number

A number of researchers have advocated that secure programming instruction be integrated across a computing curriculum but there have been relatively few efforts examining how to successfully do so. The proposed research expands upon a previous project by focusing on advanced computing students and courses. The proposed activities include expanding ESIDE tool implementation to support a broader range of security guidelines and code, providing increased contextualization of the instructional materials within the tool, and developing materials and practices for faculty adopting the tool.

The preliminary research demonstrated that ESIDE can potentially provide greater awareness and knowledge of secure programming. The primary goal is to investigate whether ESIDE can increase students' awareness, knowledge, and practice of secure programming. The project will also examine the incentives, course structures, and faculty support that enable successful use and learning with ESIDE within advanced computing courses. Through multiple deployment studies, the project will gather measures of student attitudes, learning, and behaviors, as well as course and faculty measures that impact ESIDE use.

The outcomes of this research will provide a better understanding of the integration of secure programming instruction within a computing curriculum, as well as a deployable tool for faculty to adopt. Through the deployment of ESIDE in the proposed research, the project will directly impact students in at least 8 computing courses at different institutions, including a HBCU. This research will inform the broader community on the potential for integrated learning of security practices, and the specific tool design and course practices that facilitate that learning. The resulting tool and educational materials can then be adopted or expanded by faculty and educators. The project will disseminate the ESIDE tool by releasing it as an open source project; publishing at education and security venues; and working with an author of a popular Java textbook to include the tool in future editions.