In an off-line conversation, Holger suggested I put up a pointer to the undergraduate course in "Secure Programming" I offered this past spring in the School of Computer Science at CMU:
https://www.securecoding.cert.org/confluence/display/sci/15392+Secure+Programming

This course probably overlaps somewhat with Holger's Secure Coding lectures but also contains additional material. The course uses the Addison-Wesley book "Secure Coding in C and C++" as a text.

rCs

> I recently completed a lecture on secure software engineering,
> and I guess there are quite a few people on this list who could
> make use of some of the material, whether for their own presentations
> or simply for teaching themselves.
>
> The lecture was given at Kaiserslautern University of Technology as
> 12 lessons of 90 minutes (each comprising about 35 slides) in English;
> note that the accompanying student exercise problems are in German,
> however.
> The chapters (of varying length, as indicated by their mapping to
> lessons) are as follows:
>
> 01 IT Security and Software Security
> 02 Fundamental Notions and Definitions
> 03a Vulnerabilities and Attacks (Part 1)
> 03b Vulnerabilities and Attacks (Part 2)
> 04 Security in the Software Development Process
> 05 Security Requirements Elicitation
> 06 Threat Analysis
> 07a Security in Architecture and Design (Part 1)
> 07b Security in Architecture and Design (Part 2)
> 08a Secure Coding (Part 1)
> 08b Secure Coding (Part 2)
> 09 Quality Assurance
> 10, 11, 12 Process Models, Usability, and Conclusions
>
> You can find all the material at
> http://www.iese.fraunhofer.de/lectures/peine/materialcourse/
>
> This was the first iteration of my first self-designed lecture; it is
> certainly not perfect yet (in fact I already have some improvements
> sketched for the next iteration, such as reorganizing the process
> material), so criticism is welcome.
>
> I know of few comparable lectures world-wide, i.e. university lectures
> covering security specifically from a software engineering viewpoint;
> so far, I'm aware of the lectures by Pascal Meunier at Purdue and by
> Dieter Gollmann at Hamburg-Harburg; if you know of any others, I'd be
> glad to hear about those, too.
>
> Kind regards from Germany,
> Holger Peine

--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC
Work: 412-268-7608
FAX: 412-268-6989

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________