>> Subject: Re: Security Education in the Workplace
>> From: "Secterm ." <securityterminalat_private>
>> Date: Mon, 09 Dec 2002 12:33:58 -0700
>>
>> Most certainly agree. For the past year I've been giving
>> presentations and talks for both my employer and at my local college
>> on secure coding (and security in general). I've been trying to get a
>> class and/or a section dedicated to security at the college for years
>> to come now. With no luck I decided just to start giving my own
>> talks. I've found that most students are very interested in the topic
>> and usually have a turn out of 30 or 40 people. If nothing else I
>> find that I learn just as much if not more by preparing and giving the
>> talks.
>>
>> -John.
>>
>> <snip>
>>
>>> 1. Developers of course. Like you mention the Boot Camp, and someone
>>> had earlier suggested, maybe secure coding ought to merit a
>>> chapter in regular programming courses in colleges and universities,
>>> if not an entire course.

I've had a somewhat similar experience. I've given talks on how to write secure programs, including at FOSDEM. My slides (as well as the book they're based on) are available at http://www.dwheeler.com/secure-programs.

Generally, it's been very well attended and received. At FOSDEM, I had 248 attendees, even though I was competing with an extremely interesting talk on another track (specifics about that talk are at http://www.dwheeler.com/essays/fosdem2002.html). Even more interestingly, nearly half (around 150) flooded in _specifically_ for my talk on writing secure programs, and a number left afterwards. I've given the talk at other places too (such as at the Software Productivity Consortium).

I definitely agree that info on secure coding ought to be mandatory in colleges and universities, at least as a chapter somewhere.

My presentation only takes one hour (it's a very busy hour!). Obviously, a one hour presentation is not going to make any developer an expert on writing secure programs. On the other hand, after a one hour presentation, that developer knows more than 99.99% of all other developers about how to develop secure software, including all the major pitfalls that cover over 98% of the vulnerabilities being currently found. If the goal is to make things better, that DEFINITELY counts as making things better.

---
David A. Wheeler
dwheelerat_private
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 11:46:02 PST