“I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students

Mohammad Tahaei*, Adam Jenkins, Kami Vaniea, Maria Wolters

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The security attitudes and approaches of software developers have a large impact on the software they produce, yet we know very little about how and when these views are constructed. This paper investigates the security and privacy (S&P) perceptions, experiences, and practices of current Computer Science students at the graduate and undergraduate level using semi-structured interviews. We find that the attitudes of students already match many of those that have been observed in professional level developers. Students have a range of hacker and attack mindsets, lack of experience with security APIs, a mixed view of who is in charge of S&P in the software life cycle, and a tendency to trust other peoples’ code as a convenient approach to rapidly build software. We discuss the impact of our results on both curriculum development and support for professional developers.

Original languageEnglish
Title of host publicationSocio-Technical Aspects in Security and Trust - 9th International Workshop, STAST 2019, Revised Selected Papers
EditorsThomas Groß, Theo Tryfonas
PublisherSpringer Science and Business Media Deutschland GmbH
Pages27-46
Number of pages20
ISBN (Electronic)978-3-030-55958-8
ISBN (Print)978-3-030-55957-1
DOIs
Publication statusPublished - 10 May 2021
Event9th International Workshop on Socio-Technical Aspects in Security and Trust - Luxembourg, Luxembourg
Duration: 26 Sep 201926 Sep 2019
https://stast2019.uni.lu/index.html

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11739 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference9th International Workshop on Socio-Technical Aspects in Security and Trust
Abbreviated titleSTAST 2019
CountryLuxembourg
CityLuxembourg
Period26/09/1926/09/19
Internet address

Keywords

  • Computer science students
  • Education
  • Secure programming
  • Software developers
  • Software development
  • Usable security

Fingerprint

Dive into the research topics of '“I Don’t Know Too Much About It”: On the Security Mindsets of Computer Science Students'. Together they form a unique fingerprint.

Cite this