{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T19:34:54Z","timestamp":1772134494008,"version":"3.50.1"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030587925","type":"print"},{"value":"9783030587932","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58793-2_18","type":"book-chapter","created":{"date-parts":[[2020,8,30]],"date-time":"2020-08-30T23:04:02Z","timestamp":1598828642000},"page":"223-237","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Design of Secure Coding Challenges for Cybersecurity Education in the Industry"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1462-6701","authenticated-orcid":false,"given":"Tiago","family":"Gasiba","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4286-3184","authenticated-orcid":false,"given":"Ulrike","family":"Lechner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2725-7629","authenticated-orcid":false,"given":"Maria","family":"Pinto-Albuquerque","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8809-7657","authenticated-orcid":false,"given":"Alae","family":"Zouitni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,31]]},"reference":[{"key":"18_CR1","doi-asserted-by":"crossref","unstructured":"Acar, Y., Stransky, C., Wermke, D., Weir, C., Mazurek, M.L., Fahl, S.: Developers need support, too: a survey of security advice for software developers. In: 2017 IEEE Cybersecurity Development (SecDev), pp. 22\u201326. IEEE, September 2017","DOI":"10.1109\/SecDev.2017.17"},{"issue":"5","key":"18_CR2","doi-asserted-by":"publisher","first-page":"1081","DOI":"10.20965\/jdr.2017.p1081","volume":"12","author":"T Aoyama","year":"2017","unstructured":"Aoyama, T., Nakano, T., Koshijima, I., Hashimoto, Y., Watanabe, K.: On the complexity of cybersecurity exercises proportional to preparedness. J. Disaster Res. 12(5), 1081\u20131090 (2017)","journal-title":"J. Disaster Res."},{"key":"18_CR3","doi-asserted-by":"crossref","unstructured":"Barela, J., Gasiba, E.T., Suppan, S., Berges, M., Beckers, K.: When interactive graphic storytelling fails. In: 2019 IEEE 27th International Requirements Engineering Conference Workshops (REW), pp. 164\u2013169. IEEE, September 2019","DOI":"10.1109\/REW.2019.00034"},{"key":"18_CR4","unstructured":"Beuran, R., Chinen, K.I., Tan, Y., Shinoda, Y.: Towards effective cybersecurity education and training. Research report. School of Information Science, Graduate School of Advanced Science and Technology, Japan Advanced Institute of Science and Technology. IS-RR-2016, April 2016, pp. 1\u201316 (2016)"},{"key":"18_CR5","unstructured":"Carnegie Mellon University: SEI-CERT coding standards. https:\/\/wiki.sei.cmu.edu\/confluence\/display\/seccode"},{"key":"18_CR6","unstructured":"Chung, K., Cohen, J.: Learning obstacles in the capture the flag model. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014). USENIX Association, San Diego (2014)"},{"key":"18_CR7","unstructured":"CTFtime team: CTFTime - all about CTF. https:\/\/ctftime.org"},{"key":"18_CR8","unstructured":"Davis, A., Leek, T., Zhivich, M., Gwinnup, K., Leonard, W.: The fun and future of CTF. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014). USENIX Association, San Diego (2014)"},{"key":"18_CR9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40612-1","volume-title":"Serious Games: Foundations, Concepts and Practice","author":"R D\u00f6rner","year":"2016","unstructured":"D\u00f6rner, R., G\u00f6bel, S., Effelsberg, W., Wiemeyer, J.: Serious Games: Foundations, Concepts and Practice, 1st edn. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40612-1","edition":"1"},{"key":"18_CR10","unstructured":"Gasiba, T., Beckers, K., Suppan, S., Rezabek, F.: On the requirements for serious games geared towards software developers in the industry. In: Damian, D.E., Perini, A., Lee, S. (eds.) 27th IEEE International Requirements Engineering Conference, RE 2019, Jeju Island, Korea (South), 23\u201327 September 2019. IEEE (2019)"},{"key":"18_CR11","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1016\/j.jss.2018.02.041","volume":"140","author":"D Graziotin","year":"2018","unstructured":"Graziotin, D., Fagerholm, F., Wang, X., Abrahamsson, P.: What happens when software developers are (un)happy. J. Syst. Softw. 140, 32\u201347 (2018)","journal-title":"J. Syst. Softw."},{"key":"18_CR12","volume-title":"Survey Methodology","author":"RM Groves","year":"2009","unstructured":"Groves, R.M., Fowler, F., Couper, M., Lepkowski, J., Singer, E.: Survey Methodology, 2nd edn. Wiley, Hoboken (2009)","edition":"2"},{"key":"18_CR13","doi-asserted-by":"publisher","first-page":"35","DOI":"10.13053\/rcs-146-1-4","volume":"146","author":"H Gonzalez","year":"2017","unstructured":"Gonzalez, H., Llamas, R., Ordaz, F.: Cybersecurity teaching through gamification: aligning training resources to our syllabus. Res. Comput. Sci. 146, 35\u201343 (2017). https:\/\/doi.org\/10.13053\/rcs-146-1-4","journal-title":"Res. Comput. Sci."},{"key":"18_CR14","doi-asserted-by":"crossref","unstructured":"H\u00e4nsch, N., Zinaida, B.: Specifying IT security awareness. In: 25th International Workshop on Database and Expert Systems Applications, Munich, Germany, pp. 326\u2013330, September 2014","DOI":"10.1109\/DEXA.2014.71"},{"key":"18_CR15","unstructured":"IEC 62443-4-1: Security for industrial automation and control systems - part 4\u20131: secure product development lifecycle requirements. Standard, International Electrotechnical Commission, January 2018"},{"key":"18_CR16","unstructured":"ISO: ISO 250xx Series. Standard, International Organization for Standardization, Geneva, CH (2005). http:\/\/iso25000.com\/index.php\/en\/iso-25000-standards"},{"key":"18_CR17","unstructured":"ISO 27002: Information technology - security techniques - code of practice for information security controls. Standard, International Organization for Standardization, Geneva, CH, October 2013"},{"key":"18_CR18","doi-asserted-by":"publisher","first-page":"439","DOI":"10.1007\/978-3-319-54395-6_53","volume-title":"The Palgrave Handbook of Survey Research","author":"JA Krosnick","year":"2018","unstructured":"Krosnick, J.A.: Questionnaire design. In: Vannette, D.L., Krosnick, J.A. (eds.) The Palgrave Handbook of Survey Research, pp. 439\u2013455. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-54395-6_53"},{"key":"18_CR19","unstructured":"Mirkovic, J., Peterson, P.: Class capture-the-flag exercises. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014) (2014)"},{"key":"18_CR20","unstructured":"Nance, K., Hay, B., Bishop, M.: Secure coding education: are we making progress? In: 16th Colloquium for Information Systems Security Education, pp. 83\u201388, June 2012"},{"key":"18_CR21","unstructured":"OWASP Top 10. https:\/\/www.owasp.org\/images\/7\/72\/OWASP_Top_10-2017_(en).pdf. Accessed June 2019"},{"key":"18_CR22","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"86","DOI":"10.1007\/978-3-319-91602-6_6","volume-title":"Agile Processes in Software Engineering and Extreme Programming","author":"TD Oyetoyan","year":"2018","unstructured":"Oyetoyan, T.D., Milosheska, B., Grini, M., Soares Cruzes, D.: Myths and facts about static application security testing tools: an action research at telenor digital. In: Garbajosa, J., Wang, X., Aguiar, A. (eds.) XP 2018. LNBIP, vol. 314, pp. 86\u2013103. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-91602-6_6"},{"key":"18_CR23","unstructured":"Patel, S.: 2019 global developer report: DevSecOps finds security roadblocks divide teams, July 2020. https:\/\/about.gitlab.com\/blog\/2019\/07\/15\/global-developer-report\/. Accessed 15 July 2019"},{"issue":"2","key":"18_CR24","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1109\/MS.2018.2883354","volume":"36","author":"M Rodriguez","year":"2019","unstructured":"Rodriguez, M., Piattini, M., Ebert, C.: Software verification and validation technologies and tools. IEEE Softw. 36(2), 13\u201324 (2019)","journal-title":"IEEE Softw."},{"key":"18_CR25","unstructured":"SAFECode charter members: SAFECode - software assurance forum for excellence in code. https:\/\/safecode.org"},{"key":"18_CR26","unstructured":"Schneier, B.: Software developers and security, July 2020. https:\/\/www.schneier.com\/blog\/archives\/2019\/07\/software_develo.html. Accessed 25 July 2019"},{"key":"18_CR27","unstructured":"Schonlau, M., Couper, M.: Semi-automated categorization of open-ended questions. Surv. Res. Methods 10(2), 143\u2013152 (2016). https:\/\/ojs.ub.uni-konstanz.de\/srm\/article\/view\/6213"},{"issue":"4","key":"18_CR28","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1109\/32.799955","volume":"25","author":"C Seaman","year":"1999","unstructured":"Seaman, C.: Qualitative methods in empirical studies of software engineering. IEEE Trans. Softw. Eng. 25(4), 557\u2013572 (1999)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"18_CR29","unstructured":"Smith, C.: Content analysis and narrative analysis. In: Handbook of Research Methods in Social and Personality Psychology, pp. 313\u2013335 (2000)"},{"issue":"2","key":"18_CR30","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1016\/j.hrmr.2017.11.003","volume":"29","author":"MJ Tews","year":"2019","unstructured":"Tews, M.J., Noe, R.A.: Does training have to be fun? A review and conceptual model of the role of fun in workplace training. Hum. Resour. Manag. Rev. 29(2), 226\u2013238 (2019)","journal-title":"Hum. Resour. Manag. Rev."},{"key":"18_CR31","doi-asserted-by":"publisher","first-page":"35","DOI":"10.7748\/ns2008.02.22.23.35.c6420","volume":"22","author":"L Whiting","year":"2008","unstructured":"Whiting, L.: Semi-structured interviews: guidance for novice researchers. Nurs. Stand. 22, 35\u201340 (2008)","journal-title":"Nurs. Stand."},{"key":"18_CR32","doi-asserted-by":"crossref","unstructured":"Woody, C., Ellison, R., Nichols, W.: Predicting cybersecurity using quality data. In: 2015 IEEE International Symposium on Technologies for Homeland Security (HST), pp. 1\u20135. IEEE (2015)","DOI":"10.1109\/THS.2015.7225327"},{"issue":"5","key":"18_CR33","doi-asserted-by":"publisher","first-page":"910","DOI":"10.1007\/s11390-016-1672-0","volume":"31","author":"XL Yang","year":"2016","unstructured":"Yang, X.L., Lo, D., Xia, X., Wan, Z.Y., Sun, J.L.: What security questions do developers ask? A large-scale study of stack overflow posts. J. Comput. Sci. Technol. 31(5), 910\u2013924 (2016)","journal-title":"J. Comput. Sci. Technol."}],"container-title":["Communications in Computer and Information Science","Quality of Information and Communications Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58793-2_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T08:35:13Z","timestamp":1619253313000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58793-2_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030587925","9783030587932"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58793-2_18","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"31 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"QUATIC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on the Quality of Information and Communications Technology","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Faro","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Portugal","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"quatic2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2020.quatic.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"81","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}