Secure Coding mailing list archives

Where Does Secure Coding Belong In the Curriculum?


From: Stephan.Neuhaus at disi.unitn.it (Stephan Neuhaus)
Date: Fri, 21 Aug 2009 21:35:19 +0200


On Aug 21, 2009, at 17:51, Brad Andrews wrote:

> Has anyone who holds to this taught a beginning level programming
> class?

I have.  I taught a security class to undergrads.  It was easier than  
I thought, at least the basics were. I got them excited by a "let's  
try to break things" attitude.  They wrote buffer overflow exploits  
(using freely available shellcode), they cracked linear congruential  
PRNGs, they subverted insecure protocols.  As far as I can tell, they  
had a good time, since I had the highest retention rate for optional  
courses in that year: 40 signed up for the course and 39 took the  
final exam.

Once they understood that the right mind-set is not "oh come on, what  
can possibly go wrong?" but "okay, let's see what *can* go wrong",  
they were on their way.

Stephan

