The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples’ code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.
CITATION STYLE
Tahaei, M., Jenkins, A., Vaniea, K., & Wolters, M. (2021). “I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11739 LNCS, pp. 27–46). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-55958-8_2
Mendeley helps you to discover research relevant for your work.