Securing the world's technological resources has become one of the largest challenges of modern day. From healthcare to national security, power grids to public safety, the world is reliant on computer systems and their ability to perform in a safe and secure manner. To this end, higher education must graduate software developers who comprehend the importance of security and take steps to ensure the safety of our technological systems. Unfortunately, academia's efforts are falling short as the world continues to experience a shortage of these individuals.In this dissertation, I present a novel educational approach to improve on academia's current methods of secure programming instruction. Known as ESIDE: Educational Security in the IDE, it complements current methods of instruction (e.g., modified courses, elective courses, security tracks) by infusing instructional guidance and materials in a contextually based real-time manner into the student's IDE in a method similar to Microsoft's Grammar Check (a.k.a., green squiggly). The effect of which is an exponential increase in exposure to the principles and practices of secure coding. I designed the ESIDE to provide an interactive educational experience for all levels of programming students across the curriculum. Currently, it runs as a plugin for the Eclipse IDE and monitors the student's code writing process for potentially vulnerable code patterns. When vulnerable code is discovered, ESIDE initiates an educational process based on the type of vulnerability discovered. I have evaluated this model in formative and summative studies at multiple institutions and educational levels and have received promising results. I plan to continue implementing lessons learned and knowledge gained into future research so that I might create a more robust educational resource.
