检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:Tiago Espinha Gasiba Ulrike Lechner Maria Pinto-Albuquerque
机构地区:[1]Siemens AG Corporate Technology,Otto-Hahn-Rin 6,81379 Munich,Bavaria,Germany [2]Universität der Bundeswehr München,Munich,Germany [3]Instituto Universitário de Lisboa(ISCTE-IUL),ISTAR-IUL,Lisbon,Portugal
出 处:《Cybersecurity》2020年第1期333-355,共23页网络空间安全科学与技术(英文)
摘 要:Software vulnerabilities,when actively exploited by malicious parties,can lead to catastrophic consequences.Proper handling of software vulnerabilities is essential in the industrial context,particularly when the software is deployed in critical infrastructures.Therefore,several industrial standards mandate secure coding guidelines and industrial software developers’training,as software quality is a significant contributor to secure software.CyberSecurity Challenges(CSC)form a method that combines serious game techniques with cybersecurity and secure coding guidelines to raise secure coding awareness of software developers in the industry.These cybersecurity awareness events have been used with success in industrial environments.However,until now,these coached events took place on-site.In the present work,we briefly introduce cybersecurity challenges and propose a novel platform that allows these events to take place online.The introduced cybersecurity awareness platform,which the authors call Sifu,performs automatic assessment of challenges in compliance to secure coding guidelines,and uses an artificial intelligence method to provide players with solution-guiding hints.Furthermore,due to its characteristics,the Sifu platform allows for remote(online)learning,in times of social distancing.The CyberSecurity Challenges events based on the Sifu platform were evaluated during four online real-life CSC events.We report on three surveys showing that the Sifu platform’s CSC events are adequate to raise industry software developers awareness on secure coding.
关 键 词:CYBERSECURITY AWARENESS Training Artificial intelligence Serious games Secure coding Static application security testing Capture-the-flag Software development in industry
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.112