By John Dickson
For nearly two years, I’ve been intrigued by the idea of what industry types like myself can do to better introduce secure coding techniques to students in college. The thinking was this – if we can expose them to these techniques earlier in their coding careers, we will all be better served when they enter the workforce. If, for example, we can introduce future coders to security concepts, like least privilege or defense in depth, they are less likely to make design or coding mistakes that put software – and sensitive customer data – at risk. Given that our mantra at Denim Group is to build a world where software is trusted, we are constantly looking for ways to encourage software developers to embrace the fundamentals of secure software.
Attempts to force universities to teach these concepts have fallen on deaf ears. As Mary Ann Davidson from Oracle has spoken about in the past, attempts to force university professors to teach secure coding techniques produces mixed results. There are many reasons for this, including the snail’s pace of curriculum changes, limited electives dealing with secure software development, and the need to teach a broader set of computer science concepts in a core curriculum. The gist of the story is this: computer science departments across the country are not educating their students on how to build more secure software.
So what should we do, as an industry? In a blog post last year I argued that there are many things industry can do to encourage academia to include defensive programming techniques and to further the concepts of secure software in general. At Denim Group, we are taking this a step further, and today we are announcing that we’re donating our ThreadStrong e-Learning courses on secure development to universities nationwide. We developed these courses to help software developers, and now we’re using them to help future software developers be better at their jobs. With influential universities like Purdue University and Rutgers University already signed up, and more interested every day, we’ll hopefully see the fruits of these efforts in future coders. We hope this makes it easier for professors in computer science departments across the land to include some of these e-Learning courseware into a lecture or lab.
If you have a favorite computer science professor or university that might be interested in taking advantage of the donation, please point them to www.threadstrong.com/educational_partners.html for more information.
john _at_ denimgroup.com