Build It, Break It, Fix It Contests: Motivated Developers Still Make Security Mistakes. Daniel Votipka, Kelsey R. Fulton, James Parker, Matthew Hou, Michelle L. Mazurek, and Michael Hicks. ;login;, 45(4), winter 2020.

Secure software development is a challenging task requiring consideration of many possible threats and mitigations. We reviewed code submitted by 94 teams in a secure-programming contest designed to mimic real-world constraints—correctness, performance, and security. We found that the competitors, many of whom were experienced programmers and had just completed a 24-week cybersecurity course sequence with specific instruction on secure coding and cryptography, still introduced several vulnerabilities (182 across all teams), mostly due to misunderstandings of security concepts. We explain our methodology, discuss trends in the types of vulnerabilities introduced, and offer suggestions for avoiding the kinds of problems we encountered.

@article{votipka20bibifilogin,
  title = {Build It, Break It, Fix It Contests: Motivated Developers Still Make Security Mistakes},
  journal = {;login;},
  month = {winter},
  year = 2020,
  volume = {45},
  number = {4},
  author = {Daniel Votipka and Kelsey R. Fulton and James Parker and Matthew Hou and Michelle L. Mazurek and Michael Hicks}
}
