Apertem os Cintos. . . o Copiloto Sumiu! O Impacto do Ensino de Programação Segura em Computação
Resumo
Disciplinas voltadas à programação de computadores são fundamentais nos cursos de computação. No entanto, muitos currículos não enfatizam adequadamente técnicas de programação segura, formando profissionais que, embora capazes de desenvolver software, não o fazem de maneira segura. Neste trabalho, foram analisados 85 questionários respondidos por estudantes de dois cursos da área. Os alunos foram divididos em dois grupos: aqueles que se consideravam aptos a programar com segurança e aqueles que não se consideravam capazes. Os resultados são preocupantes, revelando que não há diferença significativa na capacidade de programação segura entre os grupos. Além disso, comparou-se o desempenho de estudantes que tiveram aulas de programação básica com introdução simultânea de técnicas de programação segura com o de estudantes que cursaram apenas a programação convencional. Novamente, não foram observadas diferenças significativas, indicando que o ensino de técnicas de programação segura durante o aprendizado inicial de programação pode não ser suficiente, ou mesmo adequado, para promover o domínio dessas práticas.Referências
Barnum, S. and McGraw, G. (2005). Knowledge for software security. IEEE Security and Privacy, 3(2):74–78.
CERT/SEI (2024). CERT secure coding standards. [link].
Chi, H., Jones, E. L., and Brown, J. (2013). Teaching secure coding practices to stem students. In Proceedings of the 2013 on InfoSecCD ’13: Information Security Curriculum Development Conference, InfoSecCD ’13, page 42–48, New York, NY, USA. Association for Computing Machinery.
Espinha Gasiba, T., Oguzhan, K., Kessba, I., Lechner, U., and Pinto-Albuquerque, M. (2023). I’m Sorry Dave, I’m Afraid I Can’t Fix Your Code: On ChatGPT, CyberSecurity, and Secure Coding. In Peixoto de Queirós, R. A. and Teixeira Pinto, M. P., editors, 4th International Computer Programming Education Conference (ICPEC 2023), volume 112 of Open Access Series in Informatics (OASIcs), pages 2:1–2:12, Dagstuhl, Germany. Schloss Dagstuhl – Leibniz-Zentrum für Informatik.
Evans, D. and Larochelle, D. (2002). Splint - annotation-assisted static program checker. [link].
Hong, H., Woo, S., and Lee, H. (2021). Dicos: Discovering insecure code snippets from stack overflow posts by leveraging user discussions. In Proceedings of the 37th Annual Computer Security Applications Conference, ACSAC ’21, page 194–206, New York, NY, USA. Association for Computing Machinery.
Howard, M. and LeBlanc, D. (2003). Writing Secure Code. Microsoft Press, 2 edition.
Kruger, J. and Dunning, D. (1999). Unskilled and unaware of it: how difficulties in recognizing one’s own incompetence lead to inflated self-assessments. Journal of personality and social psychology, 77(6):1121.
Lam, J., Fang, E., Almansoori, M., Chatterjee, R., and Soosai Raj, A. G. (2022). Identifying gaps in the secure programming knowledge and skills of students. In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1, SIGCSE 2022, page 703–709, New York, NY, USA. Association for Computing Machinery.
McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley.
Pugh, B. and Loskutov, B. (2015). Findbugs - find bugs in java programs. [link].
Rahman, A., Farhana, E., and Imtiaz, N. (2019). Snakes in paradise?: Insecure python-related coding practices in stack overflow. In 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), pages 200–204.
Seacord, R. C. (2013). Secure Coding in C and C++. Addison-Wesley, 2 edition.
Singleton, L., Zhao, R., Song, M., and Siy, H. (2020). Cryptotutor: Teaching secure coding practices through misuse pattern detection. In Proceedings of the 21st Annual Conference on Information Technology Education, SIGITE ’20, page 403–408, New York, NY, USA. Association for Computing Machinery.
Taylor, B., Bishop, M., Hawthorne, E., and Nance, K. (2013). Teaching secure coding: the myths and the realities. In Proceeding of the 44th ACM Technical Symposium on Computer Science Education, SIGCSE ’13, page 281–282, New York, NY, USA. Association for Computing Machinery.
Viega, J. and McGraw, G. (2001). Building Secure Software. Addison-Wesley.
Votipka, D., Fulton, K. R., Parker, J., Hou, M., Mazurek, M. L., and Hicks, M. (2020). Understanding security mistakes developers make: qualitative analysis from build it, break it, fix it. In Proceedings of the 29th USENIX Conference on Security Symposium, USA. USENIX Association.
CERT/SEI (2024). CERT secure coding standards. [link].
Chi, H., Jones, E. L., and Brown, J. (2013). Teaching secure coding practices to stem students. In Proceedings of the 2013 on InfoSecCD ’13: Information Security Curriculum Development Conference, InfoSecCD ’13, page 42–48, New York, NY, USA. Association for Computing Machinery.
Espinha Gasiba, T., Oguzhan, K., Kessba, I., Lechner, U., and Pinto-Albuquerque, M. (2023). I’m Sorry Dave, I’m Afraid I Can’t Fix Your Code: On ChatGPT, CyberSecurity, and Secure Coding. In Peixoto de Queirós, R. A. and Teixeira Pinto, M. P., editors, 4th International Computer Programming Education Conference (ICPEC 2023), volume 112 of Open Access Series in Informatics (OASIcs), pages 2:1–2:12, Dagstuhl, Germany. Schloss Dagstuhl – Leibniz-Zentrum für Informatik.
Evans, D. and Larochelle, D. (2002). Splint - annotation-assisted static program checker. [link].
Hong, H., Woo, S., and Lee, H. (2021). Dicos: Discovering insecure code snippets from stack overflow posts by leveraging user discussions. In Proceedings of the 37th Annual Computer Security Applications Conference, ACSAC ’21, page 194–206, New York, NY, USA. Association for Computing Machinery.
Howard, M. and LeBlanc, D. (2003). Writing Secure Code. Microsoft Press, 2 edition.
Kruger, J. and Dunning, D. (1999). Unskilled and unaware of it: how difficulties in recognizing one’s own incompetence lead to inflated self-assessments. Journal of personality and social psychology, 77(6):1121.
Lam, J., Fang, E., Almansoori, M., Chatterjee, R., and Soosai Raj, A. G. (2022). Identifying gaps in the secure programming knowledge and skills of students. In Proceedings of the 53rd ACM Technical Symposium on Computer Science Education - Volume 1, SIGCSE 2022, page 703–709, New York, NY, USA. Association for Computing Machinery.
McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley.
Pugh, B. and Loskutov, B. (2015). Findbugs - find bugs in java programs. [link].
Rahman, A., Farhana, E., and Imtiaz, N. (2019). Snakes in paradise?: Insecure python-related coding practices in stack overflow. In 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR), pages 200–204.
Seacord, R. C. (2013). Secure Coding in C and C++. Addison-Wesley, 2 edition.
Singleton, L., Zhao, R., Song, M., and Siy, H. (2020). Cryptotutor: Teaching secure coding practices through misuse pattern detection. In Proceedings of the 21st Annual Conference on Information Technology Education, SIGITE ’20, page 403–408, New York, NY, USA. Association for Computing Machinery.
Taylor, B., Bishop, M., Hawthorne, E., and Nance, K. (2013). Teaching secure coding: the myths and the realities. In Proceeding of the 44th ACM Technical Symposium on Computer Science Education, SIGCSE ’13, page 281–282, New York, NY, USA. Association for Computing Machinery.
Viega, J. and McGraw, G. (2001). Building Secure Software. Addison-Wesley.
Votipka, D., Fulton, K. R., Parker, J., Hou, M., Mazurek, M. L., and Hicks, M. (2020). Understanding security mistakes developers make: qualitative analysis from build it, break it, fix it. In Proceedings of the 29th USENIX Conference on Security Symposium, USA. USENIX Association.
Publicado
24/11/2025
Como Citar
LOBKOV, Nadia Luana; ALMEDIA, Paulo Ricardo Lisboa de; GRÉGIO, André Ricardo Abed; PEREIRA, José Alexandre D’Abruzzo.
Apertem os Cintos. . . o Copiloto Sumiu! O Impacto do Ensino de Programação Segura em Computação. In: SIMPÓSIO BRASILEIRO DE INFORMÁTICA NA EDUCAÇÃO (SBIE), 36. , 2025, Curitiba/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 1445-1456.
DOI: https://doi.org/10.5753/sbie.2025.12961.
