Secure Coding mailing list archives

Re: Strategies for teaching secure coding practices


From: David Evans <evans () cs virginia edu>
Date: Fri, 12 Dec 2003 19:43:33 +0000


On Fri, 12 Dec 2003, Carl G. Alphonce wrote:

I am a recent subscriber to this list and also an educator.  I teach
primarily undergraduate courses, often the first and second semester
courses, and I am very interested to hear from the list what you all
consider to be important "secure coding" topics to cover in these
first-year classes.  Also, what topics do you feel should be covered
in an undergraduate curriculum but later than the first year?


The main thing that I feel is wrong with most curricula is they spend the
first 2 or more courses teaching students to write insecure code, and then
(if we're lucky) try to fix this in the later courses.

The approach that I've taken is to have a first course
(http://www.cs.virginia.edu/cs200) that focuses on computer science, but
attempts to avoid things that are hard to do right without security
problems (e.g., avoid complex languages like Java and C++, avoid dealing
with user input, etc.).

Then, the second course (http://www.cs.virginia.edu/cs201j) attempts to
teach software development practices that will result in robust, secure
code.  Two things we focus on particularly are writing good specifications
and documenting and reasoning about invariants (students also use ESC/Java
to check the invariants they are able to document formally).  I wouldn't
claim that most students leave the course being able to produce secure
code, but I think they do leave convinced that this is hard to do and just
testing their code unsystematically is not likely to produce a robust
program.

Cheers,

--- Dave
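To make concrete what "documenting and reasoning about invariants" looks like in the style of course Dave describes, here is a small added example (my own code, not from the original message or from the UVA course materials). It writes a representation invariant and method specifications as ESC/Java-style `//@` annotations on a fixed-capacity log, and pairs them with a `repOk()` check that the same invariant holds at runtime. The class name, the fields and the exact annotation layout are assumptions; the annotation keywords (`invariant`, `requires`, `ensures`, `\old`, `\result`) are the ones ESC/Java understands.

```java
// Added example: a class whose representation invariant and method
// specifications are written as ESC/Java-style annotations.  The static
// checker verifies these; repOk() checks the same invariant at runtime.
// Class and member names are assumptions for illustration.
public final class BoundedLog {
    //@ invariant entries != null;
    //@ invariant 0 <= count && count <= entries.length;
    private final String[] entries;   // fixed backing store
    private int count;                // number of valid entries in entries[0..count)

    //@ requires capacity > 0;
    //@ ensures count == 0;
    public BoundedLog(int capacity) {
        entries = new String[capacity];
        count = 0;
    }

    // Returns true exactly when the representation invariant holds.
    public boolean repOk() {
        return entries != null && 0 <= count && count <= entries.length;
    }

    //@ requires line != null;
    //@ ensures \result == (\old(count) < entries.length);
    //@ ensures \result ==> count == \old(count) + 1;
    //@ ensures !\result ==> count == \old(count);
    public boolean append(String line) {
        if (count == entries.length) {
            return false;             // full: refuse rather than overrun the array
        }
        entries[count] = line;
        count++;
        return true;
    }

    //@ requires 0 <= i && i < count;
    //@ ensures \result != null;
    public String get(int i) {
        // ESC/Java discharges this precondition at every call site; the
        // runtime check keeps the invariant safe from unchecked callers too.
        if (i < 0 || i >= count) {
            throw new IndexOutOfBoundsException("index " + i + " outside [0, " + count + ")");
        }
        return entries[i];
    }

    //@ ensures \result == count;
    public int size() {
        return count;
    }

    public static void main(String[] args) {
        BoundedLog log = new BoundedLog(2);
        boolean first = log.append("login ok");
        boolean second = log.append("logout");
        boolean third = log.append("dropped");   // capacity exhausted, spec says false
        System.out.println(first + " " + second + " " + third
                + " size=" + log.size() + " repOk=" + log.repOk());
    }
}
```

The point a student should take from this is the division of labour: the invariant states what every method must preserve, the `requires`/`ensures` clauses state what callers owe and what they get back, and the checker (or `repOk()` in a test) catches the case where either side forgets, which unsystematic testing tends to miss.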
