Everyone,
Thank you for all of the input. Really. This information has been
extremely helpful!
Neil
Goertzel, Karen [USA] wrote:
Here's an extract from the Information Assurance Technology Analysis Center (part of
DTIC) "Software Security Assurance: A State of the Art Report"
(http://iac.dtic.mil/iatac/download/security.pdf):
Courses on secure software development, secure programming, etc., typically
begin by introducing common attacks against software-intensive information
systems and the vulnerabilities targeted by those attacks, then progress to
modeling, design, coding, and testing practices that software developers can
adopt
to reduce the likelihood that exploitable vulnerabilities will appear in the
software
they produce. The following is a representative sampling of such courses:
- Arizona State University: Software Security
- Ben-Gurion University (Beer-Sheva, Israel): Security of Software Systems
- Carnegie Mellon University (CMU) and University of Ontario (Canada):
Secure Software Systems
- George Mason University: Secure Software Design and Programming
- George Washington University: Security and Programming Languages
- Catholic University of Leuven (Belgium): Development of Secure Software
- New Mexico Tech: Secure Software Construction
- North Dakota State University: Engineering Secure Software
- Northeastern University: Engineering Secure Software Systems
- Northern Kentucky University, Rochester Institute of Technology, and
University of Denver: Secure Software Engineering
- Polytechnic University: Application Security
- Purdue University: Secure Programming
- Queen’s University (Kingston, ON, Canada): Software Reliability
and Security
- Santa Clara University: Secure Coding in C and C++
- University of California at Berkeley, Walden University (online): Secure
Software Development
- University of California at Santa Cruz: Software Security Testing
- University of Canterbury (New Zealand): Secure Software
- University of Nice Sophia-Antipolis (Nice, France): Formal Methods
and Secure Software
- University of Oxford (UK): Design for Security
- University of South Carolina: Building Secure Software.
As noted earlier, other schools offer lectures on secure coding and other
software security relevant topics within their larger software engineering or
computer security course offerings. At least two universities - the University
of Texas at San Antonio and University of Dublin (Ireland) - have established
reading groups focusing on software security.
As part of its Trustworthy Computing initiative, Microsoft Research
has established its Trustworthy Computing Curriculum program [309] for
promoting university development of software security curricula. Interested
institutions submit proposals to Microsoft, and those that are selected are
provided seed funding for course development.
Another recent trend is post-graduate degree programs with specialties
or concentrations in secure software engineering (or security engineering for
software-intensive systems). Some of these are standard degree programs,
while others are specifically designed for the continuing education of working
professionals. The following are typical examples:
- James Madison University: Master of Science in Computer Science with
a Concentration in Secure Software Engineering
- Northern Kentucky University: Graduate Certificate in Secure
Software Engineering
- Stanford University: Online Computer Security Certificate in Designing
Secure Software From the Ground Up
- University of Colorado at Colorado Springs: Graduate Certificate in
Secure Software Systems
- Walden University (online): Master of Science in Software Engineering
with a Specialization in Secure Computing
- University of Central England at Birmingham: Master of Science in
Software Development and Security
- Chalmers University (Gothenburg, Sweden): Master of Science in
Secure and Dependable Computer Systems.
In another interesting trend (to date, exclusively in non-US schools),
entire academic departments - and in one case a whole graduate school—are
being devoted to teaching and research in software dependability, including
security, e.g.:
- University of Oldenburg (Germany) TrustSoft Graduate School of
Trustworthy Software Systems
- Fraunhofer Institute for Experimental Software Engineering (IESE)
(Kaiserslautern, Germany): Department of Security and Safety
- Bond University (Queensland, Australia): Centre for Software Assurance.
Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_ka...@bah.com
________________________________________
From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] On Behalf
Of Gary McGraw [...@cigital.com]
Sent: Thursday, August 20, 2009 2:55 PM
To: Neil Matatall; Secure Code Mailing List
Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?
hi neil,
For what it's worth, there is a list of universities with some kind of software security
curriculum on page 98 of "Software Security" <http://swsec.com>. Remember,
this list was created in 2006, and lots of other universities have jumped on the bandwagon
since then.
* University of California at Davis
* University of Virginia
* Johns Hopkins University
* Princeton University
* Purdue University (especially the CERIAS center)
* Rice University
* University of California at Berkeley
* Stanford University
* Naval Postgraduate School (a military school for graduates)
* University of Idaho
* Iowa State University
* George Washington University
* United States Military Academy at West Point
Matt Bishop made some excellent points in this thread. He and I discuss the notion of
education versus training at length in Silver Bullet episode 31
<http://www.cigital.com/silverbullet/show-031/> part of which was transcribed here
<http://www.cigital.com/silverbullet/shows/silverbullet-031-mbishop.pdf>.
gem
company www.cigital.com
book www.swsec.com
On 8/19/09 5:15 PM, "Neil Matatall" <nmata...@uci.edu> wrote:
Inspired by the "What is the size of this list?" discussion, I decided I won't
be a lurker :)
A question prompted by
http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html
</redirect?url=http%3A%2F%2Fmichael-coates%2Eblogspot%2Ecom%2F2009%2F04%2Funiversities-web-app-security%2Ehtml&urlhash=c5OA&_t=disc_detail_link>
and the OWASP podcast mentions
So where does secure coding belong in the curriculum?
Higher Ed? High School?
Undergrad? Grad? Extension?
I started a discussion in the Educause group on linked in. I guess it requires
authentication and possibly group membership:
http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&gid=138011&discussionID=5737656
It looks like some Universities are offering courses now...
Neil
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
