Abstract
While developing and deploying software continue to be more broadly accessible, so is the problem caused by these systems' security not being considered enough by their developers and maintainers. We propose to address this developer-centred security issue with serious games (games for which entertainment is not the main purpose) as a means to motivate developers to consider security threats when developing. We have developed a serious game around secure and non-secure programming exercises to investigate if serious gamification helps to improve attitudes or ability with secure programming. We detail the design choices of the game and how it relates to the programming tasks. In particular we present the design choices we made with the intention to replicate a prior study and discuss the tension that arose between replication and intervention. We discuss the results of a pilot study we conducted and present the steps we plan to take going forward into larger studies.
Original language | English |
---|---|
Title of host publication | 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) |
Publisher | IEEE |
Pages | 139-148 |
Number of pages | 10 |
ISBN (Electronic) | 9781728130262 |
DOIs | |
Publication status | Published - 19 Aug 2019 |
Event | EuroUSEC European Workshop on Usable Security 2019 - Stockholm, Sweden Duration: 20 Jun 2019 → 20 Jun 2019 Conference number: 4 https://eusec.cs.uchicago.edu/ |
Workshop
Workshop | EuroUSEC European Workshop on Usable Security 2019 |
---|---|
Abbreviated title | EuroUSEC 2019 |
Country/Territory | Sweden |
City | Stockholm |
Period | 20/06/19 → 20/06/19 |
Internet address |
Keywords
- Developer centred security
- Secure programming
- Serious game intervention
- Serious games
- Study replication
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems and Management
- Safety, Risk, Reliability and Quality