Learning Principles and the Secure Programming Clinic

Several academic institutions have run a clinic on robust and secure programming. Each time a clinic was run, it was associated with a specific class. Pre- and post-class evaluation instruments show that the effect of the secure programming clinic on students’ understanding of secure programming was generally positive. However, in some instances the clinic was underutilized, and in other cases it could not be run at other institutions. The goal of this paper is to examine the structure of the clinic in light of five basic learning principles, and to provide information about when a clinic will not improve students’ understanding, and when it will. We validate this by examining an instance of the secure programming clinic, and show how the learning principles explain the improvement in student grades, or lack thereof. From this, we draw conclusions about ways to make the clinic more effective, and about when it will not be effective.
