{"id":"https://openalex.org/W4407950244","doi":"https://doi.org/10.1109/fie61694.2024.10893015","title":"Analysis of Software Vulnerabilities Introduced in Programming Submissions Across Curriculum at Two Higher Education Institutions","display_name":"Analysis of Software Vulnerabilities Introduced in Programming Submissions Across Curriculum at Two Higher Education Institutions","publication_year":2024,"publication_date":"2024-10-13","ids":{"openalex":"https://openalex.org/W4407950244","doi":"https://doi.org/10.1109/fie61694.2024.10893015"},"language":"en","primary_location":{"id":"doi:10.1109/fie61694.2024.10893015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/fie61694.2024.10893015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Frontiers in Education Conference (FIE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043279780","display_name":"Andrew Sanders","orcid":"https://orcid.org/0009-0004-7158-0097"},"institutions":[{"id":"https://openalex.org/I25041050","display_name":"Augusta University","ror":"https://ror.org/012mef835","country_code":"US","type":"education","lineage":["https://openalex.org/I25041050"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Andrew Sanders","raw_affiliation_strings":["School of Computer and Cyber Science, Augusta University,Augusta,USA"],"affiliations":[{"raw_affiliation_string":"School of Computer and Cyber Science, Augusta University,Augusta,USA","institution_ids":["https://openalex.org/I25041050"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004483487","display_name":"Gursimran Walia","orcid":"https://orcid.org/0000-0002-4029-6227"},"institutions":[{"id":"https://openalex.org/I25041050","display_name":"Augusta University","ror":"https://ror.org/012mef835","country_code":"US","type":"education","lineage":["https://openalex.org/I25041050"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gursimran Singh Walia","raw_affiliation_strings":["School of Computer and Cyber Science, Augusta University,Augusta,USA"],"affiliations":[{"raw_affiliation_string":"School of Computer and Cyber Science, Augusta University,Augusta,USA","institution_ids":["https://openalex.org/I25041050"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5014676760","display_name":"Andrew Allen","orcid":"https://orcid.org/0000-0003-0244-3123"},"institutions":[{"id":"https://openalex.org/I39815113","display_name":"Georgia Southern University","ror":"https://ror.org/04agmb972","country_code":"US","type":"education","lineage":["https://openalex.org/I39815113"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Andrew Allen","raw_affiliation_strings":["Georgia Southern University,Department of Computer Science,Statesboro,USA"],"affiliations":[{"raw_affiliation_string":"Georgia Southern University,Department of Computer Science,Statesboro,USA","institution_ids":["https://openalex.org/I39815113"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5043279780"],"corresponding_institution_ids":["https://openalex.org/I25041050"],"apc_list":null,"apc_paid":null,"fwci":0.9971,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.81408021,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9842000007629395,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9842000007629395,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9552000164985657,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10533","display_name":"Teaching and Learning Programming","score":0.9348000288009644,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6797072887420654},{"id":"https://openalex.org/keywords/curriculum","display_name":"Curriculum","score":0.612104058265686},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.5242255330085754},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4247607886791229},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.360124409198761},{"id":"https://openalex.org/keywords/mathematics-education","display_name":"Mathematics education","score":0.3552415370941162},{"id":"https://openalex.org/keywords/sociology","display_name":"Sociology","score":0.1749194860458374},{"id":"https://openalex.org/keywords/pedagogy","display_name":"Pedagogy","score":0.13279050588607788},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.089387446641922}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6797072887420654},{"id":"https://openalex.org/C47177190","wikidata":"https://www.wikidata.org/wiki/Q207137","display_name":"Curriculum","level":2,"score":0.612104058265686},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.5242255330085754},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4247607886791229},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.360124409198761},{"id":"https://openalex.org/C145420912","wikidata":"https://www.wikidata.org/wiki/Q853077","display_name":"Mathematics education","level":1,"score":0.3552415370941162},{"id":"https://openalex.org/C144024400","wikidata":"https://www.wikidata.org/wiki/Q21201","display_name":"Sociology","level":0,"score":0.1749194860458374},{"id":"https://openalex.org/C19417346","wikidata":"https://www.wikidata.org/wiki/Q7922","display_name":"Pedagogy","level":1,"score":0.13279050588607788},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.089387446641922}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/fie61694.2024.10893015","is_oa":false,"landing_page_url":"https://doi.org/10.1109/fie61694.2024.10893015","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 IEEE Frontiers in Education Conference (FIE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":3,"referenced_works":["https://openalex.org/W3127782461","https://openalex.org/W4200090870","https://openalex.org/W4392186376"],"related_works":["https://openalex.org/W2348562106","https://openalex.org/W2370820329","https://openalex.org/W2370554813","https://openalex.org/W2387560707","https://openalex.org/W2363525455","https://openalex.org/W4312355418","https://openalex.org/W4362576712","https://openalex.org/W2314810092","https://openalex.org/W2384329035","https://openalex.org/W2373380871"],"abstract_inverted_index":{"This":[0],"full":[1],"research":[2,105,135,267],"paper":[3],"describes":[4],"the":[5,32,58,63,76,92,101,152,174,196,236,251,265,272,285,355],"analysis":[6,142,252],"of":[7,114,154,176,195,239,246,253,335,360],"common":[8,115,211,237,274],"software":[9,50,217,240,275,384],"vulnerabilities":[10,51,116,155,177,201,241,254,276,292,361,375],"that":[11,122,305,374],"are":[12,202,222,262,271],"introduced":[13,362],"by":[14,157,179,204,278,377],"students":[15,52,82,158,180,306,378],"enrolled":[16],"in":[17,29,47,69,181,354,363,394],"four-year":[18,197],"computing":[19,102,279,286,356],"and":[20,90,117,172,210,215,228,288,320,332,348,407,411],"cybersecurity":[21,408],"majors":[22,280],"from":[23,186,250,256],"two":[24,187],"different":[25,170,188,193,282],"higher":[26,189],"education":[27,37,190],"institutions":[28,191],"Georgia.":[30],"As":[31],"demand":[33],"for":[34,86,396,404],"secure":[35,88,397],"coding":[36,398],"continues":[38],"to":[39,44,62,74,111,126,213,234,259,311,342,351,391],"grow,":[40],"pedagogical":[41,77],"improvements":[42],"need":[43,350],"be":[45,72,112,352],"made":[46],"identifying":[48],"key":[49],"commit":[53],"during":[54],"code":[55,89,96,132,168,185,365],"development":[56],"(from":[57],"first":[59],"programming":[60,119],"course":[61,346,368],"exit":[64],"senior":[65],"design":[66,410],"capstone)":[67],"which":[68,206],"turn":[70],"can":[71],"analyzed":[73,166],"inform":[75],"interventions":[78],"focused":[79,107,138,353],"at":[80,159,281],"preparing":[81],"with":[83,382],"skill":[84],"sets":[85],"writing":[87],"entering":[91],"professional":[93],"workforce.":[94],"While":[95],"security":[97],"is":[98,106,207],"emphasized":[99],"throughout":[100,294],"curriculum,":[103],"this":[104,163],"on":[108,131,139],"training":[109],"individuals":[110],"aware":[113],"tailoring":[118],"concept":[120],"knowledge":[121],"has":[123,136],"been":[124],"shown":[125],"have":[127,379,402],"a":[128,208,392],"positive":[129],"effect":[130],"security.":[133],"Existing":[134],"mainly":[137],"developing":[140],"vulnerability":[141,385],"tools":[143],"rather":[144],"than":[145],"collecting":[146],"data":[147],"(and":[148],"subsequently":[149],"analyzing)":[150],"regarding":[151],"types":[153,175,238],"produced":[156,178,277,376],"their":[160,182,295],"institutions.":[161],"In":[162],"paper,":[164],"we":[165],"student":[167,226],"across":[169,192,243,344],"courses":[171,258],"reported":[173,200],"assignment":[183,364],"submission":[184,227],"levels":[194,283,347],"curriculum.":[198,357],"The":[199,219,358],"grouped":[203,224],"CWE-ID,":[205],"standard":[209],"way":[212],"categorize":[214],"identify":[216],"vulnerabilities.":[218],"resulting":[220],"CWE-IDs":[221],"then":[223],"per":[225,229],"semester":[230],"(across":[231],"curriculum":[232,296,409],"levels)":[233],"discover":[235],"committed":[242],"cross":[244],"sections":[245],"students.":[247],"Our":[248,400],"results":[249],"(ranging":[255],"CS1":[257],"capstone":[260],"courses)":[261],"organized":[263],"around":[264],"following":[266],"questions:":[268],"1)":[269],"What":[270],"most":[273],"through":[284],"curriculum?;":[287],"2)":[289],"Do":[290],"these":[291],"persist":[293,343],"as":[297,326,367],"they":[298],"advance":[299],"into":[300],"higher-level":[301],"courses?":[302],"We":[303,371],"report":[304],"commonly":[307,387],"make":[308],"mistakes":[309],"related":[310],"variable":[312],"usage,":[313],"null":[314],"pointer":[315],"checks,":[316],"hard-coding":[317],"sensitive":[318],"information,":[319],"improperly":[321],"validating":[322],"input.":[323],"Vulnerabilities":[324],"such":[325],"CWE-489":[327],"(\u201c":[328],"Active":[329],"Debug":[330],"Code\u201d)":[331,340],"CWE-215":[333],"(\u201cInsertion":[334],"Sensitive":[336],"Information":[337],"Into":[338],"Debugging":[339],"tend":[341],"multiple":[345],"may":[349],"number":[359],"increases":[366],"complexity":[369],"increases.":[370],"also":[372],"find":[373],"little":[380],"overlap":[381],"what":[383],"researchers":[386],"study,":[388],"potentially":[389],"leading":[390],"mismatch":[393],"priority":[395],"topics.":[399],"findings":[401],"implications":[403],"computer":[405],"science":[406],"delivery.":[412]},"counts_by_year":[{"year":2025,"cited_by_count":2}],"updated_date":"2025-12-21T01:58:51.020947","created_date":"2025-10-10T00:00:00"}