Date of Award
1-2023
Document Type
Thesis
Degree Name
Master of Science (MS)
College/School
College of Science and Mathematics
Department/Program
Computer Science
Thesis Sponsor/Dissertation Chair/Project Chair
Kazi Zakia Sultana
Committee Member
Bharath Samanthula
Committee Member
Vaibhav Anu
Abstract
Eleanor Roosevelt once said: "Learn from the mistakes of others. You can’t live long enough to make them all yourself". Mistakes are almost inevitable while coding or designing a system. Therefore, patches are created to fix the issues in the code either by a manual review, or through a static analysis tool. Oftentimes, mistakes in programming emanate from lack of skills thus, competence with a particular programming language but negligence also plays a role in other instances. A functioning code that solves a particular problem does not guarantee that the code is secure, hence the code should be structured to meet secure programming guidelines and principles. Most students tend to stop at a functioning code, paying less attention to the security aspects of programming. This has an ultimate impact on the industries where software security gets the priority. Therefore, students should be motivated for practicing secure programming in their academic levels. It will grow their interests in writing professional code from the beginning and raise their values as novel developers to the competing world. How do we bridge the gap between common mistakes made by new developers and professional developers? Strict coding practices must be enforced in academia and an updated database of common errors in programming must be kept as a guide to enrich rookie programmers for the software development industry. New developers also tend to make light of security when writing programs and this becomes a habit that negatively affect software industries. The primary objective of this study is to determine how negligent students are in writing secure code, analyze their complacency and understand the effect it has on new developers in the software development industry. To achieve this objective, two surveys were created. The first survey was to understand students’ views about secure coding and collected code samples from students. The second survey was structured to collect senior managers' view about new developers programmers when they first get started in the programming industry. Codes samples were then analyzed to find frequently occurring common mistakes and then compared students’ common mistakes to Common Vulnerabilities and Exposures database (CWE). Professional developers were also asked about the common mistakes these new developers make to understand what the industry expects from them. The results suggest that students rarely care about security while programming. 60 participants out of 98 focused more on the proper functioning of code as compared to the security aspects of code. About 30% of the participants have never considered the security of a program they developed and 93% of the participants among them intend to pursue a career in a software programming field in the future. Based on these findings, it is essential to strengthen security education at the academic levels so that the students can be conscientious programming professionals. The results of the second survey shows that most managers are concerned about security and expect entry-level programmers to know a thing or two about software security. Close to 90% of managers suggest it will be a good idea for programming students to be knowledgeable about secure programming before they enter the industry.
File Format
Recommended Citation
Kotey, Jeremiah Niiquaye, "A Functioning Code May Not Be a Secure Code : A Preliminary Study on the Students' Complacency with Secure Coding" (2023). Theses, Dissertations and Culminating Projects. 1215.
https://digitalcommons.montclair.edu/etd/1215