Training industry staff on cybersecurity issues is a fundamental activity that must be undertaken to guarantee the delivery of successful and robust products to market. Much research attention has been devoted to this topic in recent years. However, this research has not focused on developing secure code in industrial environments. In this paper we examine the constraints and requirements for delivering training, by means of cybersecurity challenges, that covers secure coding topics from an industry perspective. Using requirements engineering, we aim to understand the design requirements for such challenges. Along the way, we give details on our experience of delivering cybersecurity challenges in an industrial setting and show the outcome and lessons learned. The proposed requirements for cybersecurity challenges geared towards software developers in an industrial environment are based on a systematic literature review, interviews with security experts from the industry, and a semi-structured evaluation of participant feedback.