[ISN] Microsoft asks colleges to teach hacking

From: InfoSec News (isnat_private)
Date: Mon Mar 24 2003 - 00:41:30 PST

  • Next message: InfoSec News: "[ISN] Minister urges companies to guard against hacking"

    http://www.infoworld.com/article/03/03/21/HNmsteachhack_1.html
    
    By Joris Evers 
    IDG News Service
    March 21, 2003  
    
    Microsoft is working with a number of universities in several
    countries to set up courses that teach students how to write secure
    code, the company said Friday. The University of Leeds in England is
    the first to announce such a course.
    
    As part of an 11 week module that will start in January next year,
    third-year undergraduates at the University of Leeds will be asked to
    hack into software and fix any security bugs they find, Nick Efford,
    senior teaching fellow at the School of Computing, University of
    Leeds, said.
    
    "We are going to get our students to think about software in a
    different way and look at software with a different perspective. We
    will give them examples of software and will ask them to perform a
    security audit of it and identify things that are insecure and then
    ask them to fix the problems," Efford said.
    
    Students will be confronted with security vulnerabilities such as
    buffer overruns and taught how to prevent those when writing software.  
    That focus on security in software engineering and the hands-on
    experience makes the course different from most existing security
    classes, which typically focus on network security and cryptography,
    according to Efford.
    
    Microsoft is partly funding Efford's fellowship and is helping with
    the curriculum's content. The Redmond, Washington , software maker is
    in talks with other universities on similar programs, Stuart Okin,
    chief security officer for Microsoft in the U.K. said.
    
    "We are talking to a number of universities in the U.S. ," he said. "I
    hope of a world where in a few years' time every computing course is
    teaching some part of writing secure code."
    
    Microsoft's university program is closely linked to its Trustworthy
    Computing initiative, a Microsoft-wide focus on securing its products
    that was launched early last year. As part of that initiative,
    Microsoft halted the development work of thousands of software
    engineers for 10 weeks to train them to look at software like hackers
    do.
    
    Okin would like to see all software vendors share their knowledge with
    academic institutions so future programmers have better security
    knowledge. "The software industry as a whole will want to take on
    people who have this skill set," he said.
    
    That Microsoft is sponsoring the course at the University of Leeds
    does not mean students will only work with Microsoft's technology,
    Efford said. "We are not focusing exclusively on any one vendor's
    technology. We have to equip our students with broad knowledge," he
    said.
    
    Okin agreed: "We need to get input from others as well. Clearly there
    is no point in these undergraduates learning only about Microsoft
    technology. We need a broad approach."
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Mar 24 2003 - 03:43:44 PST