Improving Industrial Cybersecurity Training: Insights into Code Reviews Using Eye-Tracking

Authors Samuel Riegel Correia , Maria Pinto-Albuquerque , Tiago Espinha Gasiba , Andrei-Cristian Iosif



File

OASIcs.ICPEC.2024.17.pdf
  • Filesize: 0.63 MB
  • 9 pages

Author Details

Samuel Riegel Correia
  • Instituto Universitário de Lisboa (ISCTE-IUL), ISTA, Portugal
Maria Pinto-Albuquerque
  • Instituto Universitário de Lisboa (ISCTE-IUL), ISTAR, Portugal
Tiago Espinha Gasiba
  • Siemens AG, München, Germany
Andrei-Cristian Iosif
  • Universität der Bundeswehr München, Germany
  • Siemens AG, München, Germany

Cite As

Samuel Riegel Correia, Maria Pinto-Albuquerque, Tiago Espinha Gasiba, and Andrei-Cristian Iosif. Improving Industrial Cybersecurity Training: Insights into Code Reviews Using Eye-Tracking. In 5th International Computer Programming Education Conference (ICPEC 2024). Open Access Series in Informatics (OASIcs), Volume 122, pp. 17:1-17:9, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2024)
https://doi.org/10.4230/OASIcs.ICPEC.2024.17

Abstract

In industrial cybersecurity, effective mitigation of vulnerabilities is crucial. This study investigates the importance of code reviews among cybersecurity professionals and analyses their performance in identifying vulnerabilities using eye-tracking technology. With the insights gained, we aim to inform future tools and training in cybersecurity, particularly in the context of code reviews. Through a survey of industry experts, we reveal which tasks industry professionals consider the most important in mitigating cybersecurity vulnerabilities. We then analysed how industrial cybersecurity professionals look at code during code reviews, determined the types of issues our participants most easily discovered, and linked these results with the gaze patterns and data obtained from an eye-tracking device used during the study. Our findings underscore the pivotal role of code reviews in cybersecurity and provide valuable insights for industrial professionals and researchers alike.

Subject Classification

ACM Subject Classification
  • Security and privacy → Software and application security
  • Software and its engineering → Collaboration in software development
  • Information systems → Open source software
  • Security and privacy → Vulnerability management
Keywords
  • code review
  • cybersecurity
  • development lifecycle
  • eye-tracking
