As the number of software vulnerabilities discovered increases, the industry is facing difficulties to find specialists to cover the vacancies for security software developers. Considering relevant teaching and learning theories, along with existing approaches in software security education, we present the pedagogic rationale and the concrete…

Software security is inevitably dependent on developers' ability to to design and implement software without security bugs. Perhaps unsurprisingly, developers often fail to do this. Our goal is to understand this from a usability perspective, identifying how we might best train developers and equip them with the right software tools. To this end,…

Information Technology (IT) skills gap discourse suggests a mismatch between what students are acquiring in terms of knowledge and skills in their education versus what employers believe are useful skills for doing day to day tasks. This study builds upon previous research (analyzing the skills of college students in IT-related majors) by…

Analysis of programming process data has become popular in computing education research and educational data mining in the last decade. This type of data is quantitative, often of high temporal resolution, and it can be collected non-intrusively while the student is in a natural setting. Many levels of granularity can be obtained, such as…

Many of the software security vulnerabilities that people face today can be remediated through secure coding practices. A critical step toward the practice of secure coding is ensuring that our computing students are educated on these practices. We argue that secure coding education needs to be included across a computing curriculum. We are…

This paper presents the results of a comparison study between graduate students taking a software security course at an American university and international working professionals taking a version of the same course online through a free massive open online course (MOOC) created in the Google CourseBuilder learning environment. A goal of the study…

Despite the critical societal importance of computer security, security is not well integrated into the undergraduate computing curriculum. Security classes and tracks treat security issues as separable topics as opposed to fundamental issues that pervade all aspects of software development. Recently, there has been an increasing focus on security…

Software vulnerabilities originating from insecure code are one of the leading causes of security problems people face today. Unfortunately, many software developers have not been adequately trained in writing secure programs that are resistant from attacks violating program confidentiality, integrity, and availability, a style of programming…

In recent years, schools (as well as universities) have added cyber security to their computer science curricula. This topic is still new for most of the current teachers, who would normally have a standard computer science background. Therefore the teachers are trained and then teaching their students what they have just learned. In order to…

With today's high demand for online applications and services running on the Internet, software has become a vital component in our lives. With every revolutionary technology comes challenges unique to its characteristics; for online applications, security is one huge concern and challenge. Currently, there are several schemes that address…

Online education and computer-assisted instruction (CAI) have existed for years, but few general tools exist to help instructors create and evaluate lessons. Are these tools sufficient? Specifically, what elements do instructors want to see in online testing tools? This study asked instructors from various disciplines to identify and evaluate the…

With increasing demand of mobile devices and cloud computing, it becomes increasingly important to develop efficient mobile application and its secured backend, such as web applications and virtualization environment. This dissertation reports a systematic study of mobile application development and the security issues of its related backend. …

This dissertation deals with a multiterminal source model for secret key generation by multiple network terminals with prior and privileged access to a set of correlated signals complemented by public discussion among themselves. Emphasis is placed on a characterization of secret key capacity, i.e., the largest rate of an achievable secret key,…

Purpose: Facing the dilemma between collaboration and privacy is a continual challenge for users. In this setting, the purpose of this paper is to discuss issues of a highly flexible role management integrated in a privacy-enhanced collaborative environment (PECE). Design/methodology/approach: The general framework was provided by former findings…

The Association Supporting Computer Users in Education (ASCUE) is a group of people interested in small college computing issues. It is a blend of people from all over the country who use computers in their teaching, academic support, and administrative support functions. Begun in 1968 as the College and University Eleven-Thirty Users' Group…