Application of security tot he computing science classroom
Proceedings of the thirty-first SIGCSE technical symposium on Computer science education
Integration of computer security into the software engineering and computer science programs
Journal of Systems and Software - Special issue on software engineering education and training for the next millennium
An empirical study of industrial security-engineering practices
Journal of Systems and Software
Software Engineering and Security Engineering - An Argument for Merger
CSEET '99 Proceedings of the 12th Conference on Software Engineering Education and Training
A Report on Industrial Transfer of Software Engineering to the Classroom Environment
CSEET '00 Proceedings of the 13th Conference on Software Engineering Education & Training
A testbed for SCADA control system cybersecurity research and pedagogy
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
Hi-index | 0.00 |
As educators plan for curriculum enhancement and modifications to address the net-generation of software engineers, it will be important to communicate the necessity of considering software security engineering as applications are net-enabled. This paper presents a case study where commonly accepted software security engineering principles that have been published and employed for approximately 30 years, are not often seen in an important class of application software today. That class of software is commonly referred to as control system software or supervisory control and data acquisition (SCADA) software which is being used today within critical infrastructures and being net-enabled as it is modernized. This circumstance is driven by evolution and not intention. This paper details several vulnerabilities existing in a specific software application as a case study. These vulnerabilities are a result of not following widely-accepted secure software engineering practices which should have been considered by the software engineers developing the product studied. The applicability of these lessons to the classroom are also established with examples of how they are integrated into software engineering and computer science curricula.