"I don't know too much about it": On the Security Mindsets of Computer Science Students

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples' code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.
Original languageEnglish
Title of host publicationSTAST2019 9th International Workshop on Socio-Technical Aspects in Security and Trust
Number of pages20
ISBN (Electronic)978-1-4503-6357-0
Publication statusE-pub ahead of print - 26 Sep 2019
Event9th International Workshop on Socio-Technical Aspects in Security and Trust - Luxembourg City, Luxembourg
Duration: 26 Sep 201926 Sep 2019
http://stast.uni.lu/index.html

Workshop

Workshop9th International Workshop on Socio-Technical Aspects in Security and Trust
CountryLuxembourg
CityLuxembourg City
Period26/09/1926/09/19
Internet address

Keywords

  • cybersecurity
  • secure programming
  • usable security and privacy
  • software development

Fingerprint Dive into the research topics of '"I don't know too much about it": On the Security Mindsets of Computer Science Students'. Together they form a unique fingerprint.

Cite this