Secrious

Serious coding - a game approach to security for the new code-citizens.

The security of software systems is a complex problem impacted by organisation, technology and people. An example of the impact of weak security is shown by the 2019 Cost of a Data Breach report, in which the Ponemon Institute for IBM Security estimated that across the United Kingdom, the average cost of a data breach increased from $3.68 million in 2018 to $3.88 million in 2019 (6th highest cost globally when compared to other regions). Software developers are at the forefront of the issue, as confirmed by GitLab's 2019 Global Developer Report released on 15th July 2019 (https://about.gitlab.com/developer-survey/2019/), which surveyed over 4k software professionals and found that while 69% of developers indicate they are expected to write secure code, nearly half said they struggle to get developers to make remediation of vulnerabilities a priority, and 68% of security professionals feel that fewer than half of developers are able to spot security vulnerabilities later in the life cycle. These dramatic figures are for professionals, while the democratisation of software development and deployment enabled by the enormous markets of mobile and Web apps means that many of these apps are not built by professionals.

To assist these code-citizens to become secure code-citizens, we believe that we can use serious games, which will bring practice and play together to enhance and guide our participants' focus. Games are an immersive medium which the project will use to engage code-citizens and deliver an intervention on security matters. Additionally, the process of designing serious games itself elicits the nature of the practice and engages participants in defining how to intervene and act effectively. We propose in this project to put code-citizens at the heart of secure code development by engaging code-citizens in the co-design of serious games for code-citizens. The project will apply an enhanced serious game design for three software security themes that have been informed by industrial practice.

Link to the SECRIOUS project website: https://secrious.github.io/

People

Prof. Lynne Baillie

Principal Investigator

Department of Computer Science (MACS), Heriot-Watt University

Dr Manuel Maarek

Co-Investigator

Department of Computer Science (MACS), Heriot-Watt University

Dr Sandy Louchart

Co-Investigator

School of Simulation and Visualisation, The Glasgow School of Art

Dr Hans-Wolfgang Loidl

Co-Investigator

Department of Computer Science (MACS), Heriot-Watt University

Daisy Abbott

Co-Investigator

School of Simulation and Visualisation, The Glasgow School of Art

Dr Robert Stewart

Co-Investigator

Department of Computer Science (MACS), Heriot-Watt University

Dr Adam Reed

Co-Investigator

Department of Social Anthropology, University of St Andrews

Dr Theodoros Georgiou

Research Associate

Department of Computer Science (MACS), Heriot-Watt University

Olga Chatzifoti

Research Associate

School of Simulation and Visualisation, The Glasgow School of Art

Dr Shenando Stals

Research Associate

Department of Computer Science (MACS), Heriot-Watt University

Ryan Shah

Research Associate

Department of Computer Science (MACS), Heriot-Watt University

Dr Laura Whyte

Public Engagement Co-ordinator

Department of Computer Science (MACS), Heriot-Watt University

External Collaborators


Civic Digits Theatre Company blends digital technology, gaming and live performance to create innovative and interactive theatre, to question what it means to be a digital human in the 21st century. At the heart of everything we do is our aim to create a digital future where we all can flourish. We are a feminist, anti-racist and intersectional organisation and we want to encourage young girls to explore STEM subjects and careers. The company was founded in 2018 by award-winning playwright Clare Duffy, after a chance meeting with ethical hacker Rupert Goodwins. Civic Digits' first production was The Big Data Show, which tells the story of the first prosecuted hack in the UK (which was by Rupert Goodwins).

Funding

Project funded by the Engineering and Physical Sciences Research Council (EPSRC).

Date: 01 August 2020 - 31 July 2023

Value: £998,239

EPSRC reference: EP/T017511/1

Contact

Contact us: secrious@gmail.com

or follow us on Twitter @SecriousProject
