Foundations for Security Aware Software Development Education

Abstract

Software vulnerability is part and parcel of modern information systems. Even though eliminating all vulnerability is not possible, reducing exploitable code can be accomplished long term by laying the right programming foundations. We argue that the current hot topic of so-called "secure coding" represents commonly taught coding techniques to ensure robustness, rather than any commonly understood concept of security. In this paper, we show how rigorous coding techniques should be woven into the fabric of computer science curriculum and ultimately should be distinguished from requirements-driven security techniques. Coding for security is useless without rigorous fault-tolerant coding techniques. However, the two are best separated pedagogically with a reinforcing theme in educational environments. This instructional paradigm shift will ultimately produce programmers, developers, and software engineers who habitually create security aware software.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Nov 22, 2005
Accession Number
ADA441224

Entities

People

  • Jeffrey T. Mcdonald

Organizations

  • Florida State University

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes
  • Space

DTIC Thesaurus Topics

  • Air Force
  • Authentication
  • Beta Testing
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Education
  • Engineering
  • Language
  • Models
  • Operating Systems
  • Programming Languages
  • Reliability
  • Security
  • Software Development
  • Test Methods

Fields of Study

  • Computer science
  • Engineering

Readers

  • Computer Programming and Software Development.
  • STEM Education
  • Systems Analysis and Design