Learning Software Security in Context

Abstract

Learning software security has become a complex and difficult task today than it was even a decade ago. With the increased complexity of computer systems and a variety of applications, it is hard for software developers to master the expertise required to deal with the variety of security concepts, methods, and technologies that are required in software projects. Although a large number of security learning materials are widely available in books, open literature or on the Internet, they are difficult for learners to understand the rationale of security topics and correlate the concepts with real software scenarios. We argue that the traditional approach, which usually organizes knowledge content topically, with security-centric, is not suitable to motivate learners and stimulate learners' interest. To tackle this learning issue, our research is focused on forging a contextualized learning environment for software security where learners can explore security knowledge and relate it to the context that they are familiar with. This learning system is developed base on our proposed context-based learning approach and based on ontological technologies. In this paper, we present our evaluation study in the open source software (OSS) development environment. Our results demonstrate that contextualized learning can help OSS developers identify their necessary security information, improve learning efficiency and make security knowledge more meaningful for their software development tasks