Integrating security-related coding techniques into programming practice

  • Authors: Victor Shtern
  • Affiliations: Boston University, Boston, MA
  • Venue: SEA '07 Proceedings of the 11th IASTED International Conference on Software Engineering and Applications
  • Year: 2007

Abstract

Programming computer applications has always been about sharing and reuse. Different members of a development team shared data (as global variables) and shared algorithms (as function code). As applications grew in size and complexity, sharing resulted in unwanted links between subsystems. Global variables and functions became frowned upon and eventually made illegal. The advent of the Internet brought new threats. Since modern programming languages do not support security directly, we build security algorithmically. Thus, software professionals have to learn how to prevent security threats. Meanwhile, when most software professionals were going to school, security awareness was not part of the curriculum. This is why the degree of security awareness among many software professionals remains low. This has to change. This paper describes the efforts to educate software developers at Boston University Metropolitan College. The first direction is adding security-related courses to university degree programs designed for working software professionals. The second direction is integrating security-related topics into existing programming courses. We found that even introductory programming courses could accommodate a number of security-oriented topics provided these topics are adapted to the appropriate level. Learning these topics early prepares software professionals for the further study of the field of software security.