Inspired by the What is the size of this list? discussion, I decided I
won't be a lurker :)
A question prompted by
http://michael-coates.blogspot.com/2009/04/universities-web-app-security.html
Here is where my enterpriseyness will show. I believe the answer to the
question of where secure coding belongs in the curiculum is somewhat
flawed and requires addressing the curiculum holistically.
If you go to art school, you are required to study the works of the
masters. You don't attempt
Another lurker revealing himself ... my name is Matt Bishop, and I
lurk at the University of California at Davis where I teach and do
research in lots of areas of computer security, including (surprise!)
what is traditionally called secure programming and secure software
development. For
I'm more devious. I think what needs to happen is that we need to redefine what
we mean by functionally correct or quality code. If determination of
functional correctness were extended from must operate as specified under
expected conditions to must operate as specified under all conditions,
Rafael -- to clarify concretely:
There are quite a few researchers that attack/exploit embedded
systems. Some google searches will probably provide you with names.
None of the folks I know of that actively work on exploiting embedded
systems are on this listbut I figure if I know a handful
hi neil,
For what it's worth, there is a list of universities with some kind of software
security curriculum on page 98 of Software Security http://swsec.com.
Remember, this list was created in 2006, and lots of other universities have
jumped on the bandwagon since then.
* University of
