Secure Coding mailing list archives
Where Does Secure Coding Belong In the Curriculum?
From: floodeen at gmail.com (Rob Floodeen)
Date: Fri, 21 Aug 2009 11:02:30 -0400
Gary wrote: "He and I discuss the notion of education versus training at length"

And I don't want to bring up the discussion of the difference; however, it does get me to think. In CS, we do a lot of Math, but programming is not like Math. Math is easy to verify if it is done correctly. But in programming what does correctly mean? So it has to be taught and incorporated in its own way.

I think a way ahead should consider the following:

1. the instructional staff reads all the code, all the time (But think of how long this would take)
2. a formal method for deducting points from a properly working but incorrectly constructed program (a "Show your work" secure coding equivalent)
3. a capability to verify and reinforce good practices consistently and continually

Of course we can teach a class on best practices, things not to do, etc. etc. But how do we continually reinforce it throughout a curriculum or even a career?

-Rob Floodeen

On Thu, Aug 20, 2009 at 2:55 PM, Gary McGraw <gem at cigital.com> wrote:
hi neil,

For what it's worth, there is a list of universities with some kind of software security curriculum on page 98 of "Software Security" <http://swsec.com>. Remember, this list was created in 2006, and lots of other universities have jumped on the bandwagon since then.

* University of California at Davis
* University of Virginia
* Johns Hopkins University
* Princeton University
* Purdue University (especially the CERIAS center)
* Rice University
* University of California at Berkeley
* Stanford University
* Naval Postgraduate School (a military school for graduates)
* University of Idaho
* Iowa State University
* George Washington University
* United States Military Academy at West Point

Matt Bishop made some excellent points in this thread. He and I discuss the notion of education versus training at length in Silver Bullet episode 31 <http://www.cigital.com/silverbullet/show-031/> part of which was transcribed here <http://www.cigital.com/silverbullet/shows/silverbullet-031-mbishop.pdf>.

gem

company www.cigital.com
book www.swsec.com

On 8/19/09 5:15 PM, "Neil Matatall" <nmatatal at uci.edu> wrote:

Inspired by the "What is the size of this list?" discussion, I decided I won't be a lurker :)

A question prompted by http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html and the OWASP podcast mentions

So where does secure coding belong in the curriculum?

Higher Ed? High School?

Undergrad? Grad? Extension?

I started a discussion in the Educause group on LinkedIn. I guess it requires authentication and possibly group membership: http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&gid=138011&discussionID=5737656

It looks like some Universities are offering courses now...

Neil

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________