Threading secure coding principles and risk analysis into the undergraduate computer science and information systems curriculum

Authors:
Blair Taylor;Shiva Azadegan
Affiliations:
Towson University;Towson University
Venue:
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Year:
2006

Citing 11
Cited 6

Writing Secure Code

Writing Secure Code
Integrating Security into the Curriculum

Computer
Secure Coding: Principles and Practices

Secure Coding: Principles and Practices
A dedicated undergraduate track in computer security education

Security education and critical infrastructures
An undergraduate track in computer security

Proceedings of the 8th annual conference on Innovation and technology in computer science education
Threat Modeling

Threat Modeling
Exploiting Software: How to Break Code

Exploiting Software: How to Break Code
Secure Software Development by Example

IEEE Security and Privacy
Teaching Secure Programming

IEEE Security and Privacy
Software Security: Building Security In

Software Security: Building Security In
Teaching Robust Programming

IEEE Security and Privacy

Moving beyond security tracks: integrating security in cs0 and cs1

Proceedings of the 39th SIGCSE technical symposium on Computer science education
Impact of inheritance on vulnerability propagation at design phase

ACM SIGSOFT Software Engineering Notes
Interactive support for secure programming education

Proceeding of the 44th ACM technical symposium on Computer science education
Vulnerability of the day: concrete demonstrations for software engineering undergraduates

Proceedings of the 2013 International Conference on Software Engineering
Security teaching modules for computer science courses

Journal of Computing Sciences in Colleges
Toward software assurance: infusing a threat modeling methodology into beginning level programming courses

Journal of Computing Sciences in Colleges

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most computer security issues can be attributed to software vulnerabilities. The number of software vulnerabilities continues to increase. Building secure systems requires incorporating security principles early and throughout the software development life cycle. Education of current and future software developers must include secure coding and design principles. Towson University, as a designated National Center of Academic Excellence in Information Security and Assurance Education, presents the ideal platform for a "security across the curriculum" effort. To supplement our undergraduate security track for computer science majors, we propose threading security touchpoints and risk analysis into the core courses and a subset of follow-up courses. This plan includes sample labs to enforce secure coding mantras, a black hat/white hat approach for identifying and mitigating risks, and evaluation and assessment using checklists and scorecards.