
Secure coders' experiences and performances vary greatly and any missed security flaws in source code may lead to costly consequences. Their behavior to analyze source code and develop mitigation techniques is not well understood. Our objective is to gain insight into the strategies and techniques from both novice and experienced developers. Proper understanding can help us to inform inexperienced coders to efficiently and accurately approach, discover, and mitigate security flaws. Our research relies upon eye tracking hardware and software to collect and analyze the eye gazes. Unlike existing approaches, we incorporate a wide range of tasks simultaneously reading documentation, writing code, and using security coding analysis tools. We analyze both static and dynamic (interactive) stimuli in a realistic software development environment. Our pictorial visualizations represent a coder's eye gazes that visually demonstrates their behavior and patterns. In addition, we provide the full context of the stimuli that a participant observed. This allows for investigating the behavior at a range of tasks for a single participant and between participants. Our secure coding tasks include reading documentation, reading source code, and writing source code for a web application as well as utilizing security code scanning tools. Our contributions also include (1) novel visualization techniques to present transitions among components within and between applications, and (2) presentations of coders' attention levels during secure coding by investigating the change of pupil sizes. The eye tracking collection and analysis techniques support both modifiable stimuli and stimuli presented in different sequences based upon individual participant's behavior.
Eye tracking, Computer engineering. Computer hardware, Hands-on education learning, Software vulnerabilities, QA75.5-76.95, Software development coding behaviors, Eye tracking user-interactive stimuli, TK7885-7895, Cybersecurity secure coding, Electronic computers. Computer science
Eye tracking, Computer engineering. Computer hardware, Hands-on education learning, Software vulnerabilities, QA75.5-76.95, Software development coding behaviors, Eye tracking user-interactive stimuli, TK7885-7895, Cybersecurity secure coding, Electronic computers. Computer science
| selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 2 | |
| popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Average | |
| influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Average | |
| impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Average |
