The field of software development needs developers to write secure code, as well as to continuously respond to evolving threats and adapt system designs to meet new security needs. This requires developers to gain a deep understanding of foundational concepts in secure programming, and continuously learn and practice defensive, secure, and robust coding. Given the current lack of consistent and comprehensive secure programming training in most computing programs, and the need for any training to evolve to meet new requirements, it is essential to have mechanisms that make secure programming training adaptive and intelligent. The goal for this project is to develop one such mechanism, named SecTutor, which is a dual-purpose adaptive testing and intelligent tutoring system. Using SecTutor, learners will be able to identify their current missing knowledge and areas of misunderstanding in secure programming, and access content to improve learning at their own pace. SecTutor will provide immediate feedback and learning analytics to motivate and guide learners.
The project will take an assessment-driven approach for personalized, self-directed learning: a rigorous assessment tests the learner's level of knowledge and skill so that the intelligent tutoring system can calibrate the instruction directly to the learner. Specifically, the first step of the project will be to construct an adaptive test to diagnose learners' current level of foundational understanding in secure programming. This adaptive test will be based on a rigorously constructed secure programming concept inventory. This test will also diagnose what topics the learner is finding difficult or is fundamentally not understanding. The next step of the project will be to build an intelligent tutorial system that will provide both content and guidance for the learner to master secure programming concepts and skills. The third step will be to incorporate learning analytics into the system that will not only provide feedback to individual learners, but also provide mechanisms for instructors to gather information about their learners, compare them to other demographics, analyze secure programming questions, and adapt their curriculum to address specific challenges or customized requirements. SecTutor will eventually be integrated into other existing secure programming resources and will be adopted broadly for secure programming training.
|