Raising Secure Coding Awareness for Software Developers in the Industry
arXiv - CS - Software Engineering Pub Date : 2021-02-20 , DOI: arxiv-2102.10431
Tiago Espinha Gasiba, Ulrike Lechner

Many industrial IT security standards and policies mandate the usage of a secure coding methodology in the software development process. This implies two different aspects: first, secure coding must be based on a set of secure coding guidelines, and second, software developers must be aware of these secure coding practices. On the one hand, secure coding guidelines seem a bit like a black art: while there exist abstract guidelines that are widely accepted, low-level secure coding guidelines for different programming languages are scarce. On the other hand, once a set of secure coding guidelines is chosen, a good methodology is needed to make them known to the people who should be using them, i.e. software developers. Motivated both by the secure coding requirements from industry standards and also by the mandate to train staff on IT security by the global industry initiative "Charter of Trust", this paper presents an overview of important research questions on how to choose secure coding guidelines and on how to raise software developer awareness for secure coding using serious games.

Updated: 2021-02-23