In an off-line conversation, Holger suggested I put up a pointer to the
undergraduate course in "Secure Programming" I offered this past spring
in the School of Computer Science at CMU:

This course probably overlaps somewhat with Holger's Secure Coding
lectures but also contains additional material.

The course uses the Addison-Wesley book "Secure Coding in C and C++" as
a text.


> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
> The lecture was given at Kaiserslautern University of Technology as 
> 12 lessons of 90 minutes (each comprising about 35 slides) in English; 
> note that the accompanying student exercise problems are in German,
> however. 
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
> 01    IT Security and Software Security
> 02    Fundamental Notions and Definitions
> 03a   Vulnerabilities and Attacks (Part 1)
> 03b   Vulnerabilities and Attacks (Part 2) 
> 04    Security in the Software Development Process
> 05    Security Requirements Elicitation 
> 06    Threat Analysis
> 07a   Security in Architecture and Design (Part 1)
> 07b   Security in Architecture and Design (Part 2)
> 08a   Secure Coding (Part 1) 
> 08b   Secure Coding (Part 2)
> 09    Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions 
> You can find all the material at
> This was the first iteration of my first self-designed lecture; it is 
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome. 
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
> Kind regards from Germany,
> Holger Peine

Robert C. Seacord
Senior Vulnerability Analyst

Work: 412-268-7608
FAX: 412-268-6989

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.
