Infusing software security in software engineering

Abstract

Software is now ubiquitous and software security is now realized as a growing threat. It is important for software developers to fix software security problems, however more imperative is for software developers to understand that security features are not to be introduced as patchwork when a security situation arises but are to be addressed and handled very early in the software development lifecycle. Industry's general lack of ignorance of software security benefits and more importantly the shortage of software practitioners possessing software security understanding creates multitude of problems in the software industry. Imparting real world experiences in the academia as well as the industry is a challenge due to lack of effective active learning tools (ALT). Riding on the success of developing and disseminating, 42 delivery hours of active learning tools in the area of software verification and validation the authors propose to partner with industry to develop 14 delivery hours of course modules developing ALTs in the form of class exercises, case studies, and case study videos and delivering them using a flipped classroom model. Through a gap analysis exercise jointly carried out with industry partners a draft requirements list has being identified. Specific exercises are being developed using an iterative development methodology. Student understanding is proposed to be assessed through quizzes, exams, assignment, and a learning survey. Once developed the ALTs will be made publicly available through a website. This paper discusses continuing work on the gap analysis in software security education, presents proposed contents areas for ALT, shares structures of three developed/proposed ALTs, presents a sample of a survey instrument, and presents a sample ALT on case study video.