A Functioning Code May Not Be A Secure Code

A Functioning Code May Not be a Secure Code

Eleanor Roosevelt once said: "Learn from the mistakes of others. You can’t live long enough to make them all yourself". Mistakes are almost inevitable while coding or designing a system. Therefore, patches are created to fix the issues in the code either by a manual review, or through a static analysis tool. Oftentimes, mistakes in programming emanate from lack of skills thus, competence with a particular programming language but negligence also plays a role in other instances. A functioning code that solves a particular problem does not guarantee that the code is secure, hence the code should be structured to meet secure programming guidelines and principles. Most students tend to stop at a functioning code, paying less attention to the security aspects of programming. This has an ultimate impact on the industries where software security gets the priority. Therefore, students should be motivated for practicing secure programming in their academic levels. It will grow their interests in writing professional code from the beginning and raise their values as novel developers to the competing world. How do we bridge the gap between common mistakes made by new developers and professional developers? Strict coding practices must be enforced in academia and an updated database of common errors in programming must be kept as a guide to enrich rookie programmers for the software development industry. New developers also tend to make light of security when writing programs and this becomes a habit that negatively affect software industries. The primary objective of this study is to determine how negligent students are in writing secure code, analyze their complacency and understand the effect it has on new developers in the software development industry. To achieve this objective, two surveys were created. The first survey was to understand students’ views about secure coding and collected code samples from students. The second survey was structured to collect senior managers' view about new developers programmers when they first get started in the programming industry. Codes samples were then analyzed to find frequently occurring common mistakes and then compared students’ common mistakes to Common Vulnerabilities and Exposures database (CWE). Professional developers were also asked about the common mistakes these new developers make to understand what the industry expects from them. The results suggest that students rarely care about security while programming. 60 participants out of 98 focused more on the proper functioning of code as compared to the security aspects of code. About 30% of the participants have never considered the security of a program they developed and 93% of the participants among them intend to pursue a career in a software programming field in the future. Based on these findings, it is essential to strengthen security education at the academic levels so that the students can be conscientious programming professionals. The results of the second survey shows that most managers are concerned about security and expect entry-level programmers to know a thing or two about software security. Close to 90% of managers suggest it will be a good idea for programming students to be knowledgeable about secure programming before they enter the industry.

Report[s] of the Royal Commission Appointed to Inquire Into the Working of the Elementary Education Acts, England and Wales [with Evidence, Etc.] ...

Safety of Computer Control Systems 1986 (Safecomp '86) Trends in Safe Real Time Computer Systems

The proceedings of the fifth workshop in this subject continue the trend set by the previous four and discusses some of the current problems involved in the design and production of safe real-time computer systems. Topics covered include software quality assurance, software fault tolerance, design for safety, and reliability and safety assessment. Every paper details the theoretical and practical problems involved in the development of safe systems and should therefore be of interest to all those involved in systems design.