Rochelle Elva, Rollins College, USA

The unfortunate list of software failures, attacks, and other software disasters has made it apparent that software engineers need to produce reliable code. The Department of Homeland Security reports that 90% of software exploits are due to vulnerabilities resulting from defects in code. These defects are easy to exploit. They are potentially dangerous as they create software vulnerabilities that allow hackers to attack software, preventing it from working or compromising sensitive data. Thus, these defects need to be addressed as part of any effort to secure software. An effective strategy for addressing security-related code defects is to use defensive programming methods like security-aware programming. This paper presents TRAC, an approach to teaching security-aware programming. The acronym stands for Teach, Revisit, Apply and Challenge. It also describes the implementation of the approach and the results of a small case study (n = 21), in a senior-level elective course.

Security-Aware Programming, Secure Coding, Software Security, Teaching Secure Coding.