The team would like to announce that a research paper from this project has been accepted by the 2024 edition of the IEEE Frontiers in Education Conference (FIE).

In the paper, we examined a method to use real-world vulnerabilities to motivate computer science students towards learning secure programming. Given the rise in cybersecurity incidents due to programming errors, there is a pressing need to improve programmers’ secure programming skills. Despite educators’ numerous efforts towards this goal, communicating the importance of this training to students remains a challenge. Grounded in the theory of intrinsic motivation, we propose that exposing students to authentic, relatable vulnerabilities can significantly enhance their learning orientation towards secure programming. Our approach involves selecting vulnerabilities from the National Vulnerability Database that are both relatable to students and understandable without extensive external context. These vulnerabilities are transformed into comprehensive course modules, each featuring a demonstrative video, source code snippets of the vulnerability and its patch, and associated developer communications about the vulnerability. We assess the impact of one of our course modules on students’ learning disposition through a study conducted at two universities in an identical setting. The study results indicate that students appreciate seeing real-world vulnerabilities in detail, especially the video we recorded reproducing the vulnerability, and that they gain in self-efficacy after completing the module.

The FIE conference is a premier education conference for engineering disciplines (including Computer Science) that began in 1971.