Secure Coding mailing list archives
Where Does Secure Coding Belong In the Curriculum?
From: james.walden at gmail.com (James Walden)
Date: Thu, 20 Aug 2009 11:57:23 -0400
On Wed, Aug 19, 2009 at 5:15 PM, Neil Matatall <nmatatal at uci.edu> wrote:
So where does secure coding belong in the curriculum?
I think secure coding should be taught at the same time that coding is taught. There are aspects of security that can be taught from the beginning, such as input validation and error handling. It's a more efficient and I suspect more effective means of teaching to teach students the best known methods of secure coding first rather than initially teaching them to code insecurely then trying to fix that later. Northern Kentucky University, where I teach, does this in some classes and we're working to move it into all classes. Secure coding is also a large component of our computer security course, and we have a separate secure software engineering class at the graduate level (there is also a security module in the undergraduate software engineering course.) I agree with James McGovern on the need for students to study good and bad code. It has always surprised me how little code reading is done in a typical computer science program, and I think this is particularly important for security. While you can teach students secure coding techniques, they will likely not stick with them once they see examples of bad code elsewhere if they don't understand the reasons why they're using those techniques. That's one reason why a general computer security class is essential to the secure coding curriculum. James Walden Northern Kentucky University http://faculty.cs.nku.edu/~waldenj
Current thread:
- Where Does Secure Coding Belong In the Curriculum? Neil Matatall (Aug 19)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? Pascal Meunier (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? James Walden (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? SC-L Reader Dave Aronson (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? Wall, Kevin (Aug 20)
- Security as a part of code quality (Was: Re: Where Does Secure Coding Belong In the Curriculum?) Martin Gilje Jaatun (Aug 20)
- Security as a part of code quality (Was: Re: Where Does Secure Coding Belong In the Curriculum?) Cassidy, Colin (GE Infra, Energy) (Aug 21)
- Security as a part of code quality (Was: Re: Where Does Secure Coding Belong In the Curriculum?) Gary McGraw (Aug 21)
- Functional Correctness Brad Andrews (Aug 21)
- Functional Correctness Gary McGraw (Aug 21)
- Functional Correctness Brad Andrews (Aug 21)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 20)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 20)