Training ≠ education

摘要

In the world of software engineering, security remains a critical issue. Companies lose billions each year because commercial vendors continue to produce exploitable applications. Over 8,000 vulnerabilities were cataloged by the Computer Emergency Response Team in 2006 alone. Despite this alarming statistic, companies still grip the same train-and-certify approach for cultivating security-minded programmers. However, exhibited by the prevalent vulnerabilities still appearing in cyberspace, a new ambitious plan for robust software development must be implemented. This paper addresses the inadequacy of training and encourages the academic community to adopt modern software security essentials into the undergraduate computer science curriculum. This paper also proposes a unique software engineering course targeted to senior-level computer science students that underlines design methods, tools, and standards applicable to writing secure code.