The goal of this project is to develop a concept inventory for secure programming. A concept inventory is an assessment tool designed to measure an individual’s understanding of concepts in a specific knowledge domain. For this project, the knowledge domain is that of secure, or defensive, programming. The rapid pace of innovation in computer science means that practitioners are needed who are able to write safe computer code, design systems in new ways to respond to new security needs and respond to new threats. This requires that practitioners have a clear understanding of the foundational concepts in secure programming to serve as a basis for building new knowledge and responding to new challenges.
However, there is a lack of tools to reliably measure students’ understanding of foundational concepts. We propose the development of a Secure Programming Concept Inventory (SPCI) designed to measure an individual’s understanding of foundational secure programming concepts. To do this, we will draw on prior work to identify the foundational, knowledge critical concepts in the domain of secure programming. Next, we will identify hard topics and common misconceptions held by students, especially those related to the foundational and critical concepts. We will develop a pool of items that specifically target difficult concepts and misconceptions. This pool will enable us to assess how well students understand and can work with these concepts. Finally, we will test and refine the pool of items to develop a validated secure programming concept inventory. This concept inventory will be developed in three parts each designed to answer specific research questions and produce deliverables.
This project will advance the understanding of how students learn secure programming by identifying major misconceptions and the sources of these misconceptions, and by providing a reliable and validated instrument to aid in assessment and curricular design. This project is a collaboration among researchers at Purdue University, California State University Sacramento, University of California Davis, and California Polytechnic State University San Luis Obispo.
Developing a Secure Programming Concept Inventory. Sponsoring Organization: National Security Agency. Role: PI. Total Award: $299,931. Award: $299,931. 09/13/2017 – 09/12/2019.