EPSRC logo

Details of Grant 

EPSRC Reference: EP/T017511/1
Title: Serious Coding: A Game Approach To Security For The New Code-Citizens
Principal Investigator: Baillie, Professor L
Other Investigators:
Reed, Dr A Stewart, Dr R Loidl, Dr H
Louchart, Dr SJ Maarek, Dr M
Researcher Co-Investigators:
Ms DAH Abbott
Project Partners:
Department: S of Mathematical and Computer Sciences
Organisation: Heriot-Watt University
Scheme: Standard Research
Starts: 01 August 2020 Ends: 31 July 2023 Value (£): 998,239
EPSRC Research Topic Classifications:
Software Engineering
EPSRC Industrial Sector Classifications:
No relevance to Underpinning Sectors
Related Grants:
Panel History:
Panel DatePanel NameOutcome
22 Oct 2019 People at the Heart of Software Engineering Announced
11 Nov 2019 People at the Heart of Software Engineering Interviews Announced
Summary on Grant Application Form
The security of software systems is a complex problem impacted by organisation, technology and people. An example of the impact of weak security is shown by the 2019 Cost of a Data Breach report in which the Ponemon Institute for IBM Security estimated that across the United Kingdom, the average cost of a data breach increased from $3.68 million in 2018 to $3.88 million in 2019 (6th highest cost globally when compared to other regions). Software developers are at the forefront of the issue as confirmed by the GitLab's 2019 Global Developer Report released on 15th July 2019 (https://about.gitlab.com/developer-survey/2019/) which surveyed over 4k software professionals and found that while 69% of developers indicate they are expected to write secure code, nearly half said they struggle to get developers to make remediation of vulnerabilities a priority, and 68% of security professionals feel that fewer than half of developers are able to spot security vulnerabilities later in the lifecycle. These dramatic figures are for professionals while the democratisation of software development and deployment enabled by the enormous markets of mobile and Web apps means that many of these apps are not built by professionals.

With the democratisation of software development and deployment, comes the widening of the issues of code security and safety. At the heart of this democratisation are the new code-citizens who are code- literate, able to build and run their own software code. However, they may have had no formal software engineering training and are often outside of the software industry which normally inculcate good practice via house standards. As new citizens, they need to discover, understand, and exercise their rights and duties among a society living with software systems. Their understanding of the security implications of their coding is of fundamental importance to the security of software systems. Recent research (Fischer et al, 2017) revealed that of the 1.3 million Android applications that contained security-related code snippets from Stack Overflow 97.9% contained at least one insecure code snippet.

To assist these code-citizens to become secure code citizens we believe that we can use serious games, which will bring practice and play together to enhance and guide our participants focus. Games are an immersive medium which the project will use to engage code-citizens and deliver an intervention on security matters. Additionally, the process of designing serious games itself elicits the nature of the practice and engages participants in defining how to intervene and act effectively. We propose in this project to put code-citizens at the heart of secure code development by engaging code-citizens in the co-design of serious games for code-citizens. The project will apply an enhanced serious game design for three software security themes that have been informed by industrial practice.

Key Findings
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Potential use in non-academic contexts
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Impacts
Description This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Summary
Date Materialised
Sectors submitted by the Researcher
This information can now be found on Gateway to Research (GtR) http://gtr.rcuk.ac.uk
Project URL:  
Further Information:  
Organisation Website: http://www.hw.ac.uk