Educating Students to Create Trustworthy Systems

Swart, Richard; Erbacher, Robert F.

doi:10.1109/msp.2007.58

Cited by 11 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, risk management is an essential topic in any software engineering course. There are many ways to introduce the concept of risk management to the class, such as using games [14], risk assessment tools [7], or educational case studies [10] [13]. In our CSCI577-graduate level software engineering class, as part of the software development process, student teams learn how to identify, analyze, mitigate and manage the risks in their real-client team projects [5].…”

Section: Introductionmentioning

confidence: 99%

A look at software engineering risks in a team project course

Koolmanojwong

Boehm

2013

2013 26th International Conference on Software Engineering Education and Training (CSEE&T)

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

A look at software engineering risks in a team project course

Koolmanojwong

Boehm

2013

2013 26th International Conference on Software Engineering Education and Training (CSEE&T)

View full text Add to dashboard Cite

show abstract

“…Swart and Erbacher [13] point out that "Dealing with epidemic-style attacks will require focused effort in software engineering to develop secure code, but the solution will also require systems that account for the human factors that spread such attacks, including social engineering and end-user psychology".…”

Section: The State Of Secure Programming In Universitiesmentioning

confidence: 99%

Embedding Secure Programming in the Curriculum: Some Lessons Learned

Johnstone¹

2013

IJET

View full text Add to dashboard Cite

Abstract-Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. One answer is that if code were correct in the first instance, then vulnerabilities would not exist. Security is now seen as an essential part of systems development in several modern methodologies. Unfortunately, the teaching of programming secure software systems is seen as an extra or worse, an impediment to learning programming. This paper presents the case that secure programming should be the norm, rather than the exception and uses a case study to describe the experience of teaching secure programming in an Australian university. It was found that students enjoyed the challenges presented by learning secure programming and expected to use these skills in industry.Index Terms-Information systems security, secure programming, applications development.

show abstract

“…In general, computer security instructors tend to focus [15] on topics such as access control, encryption, security models, etc., while Certified Information Systems Security Professionals (CISSP) cite their top five priorities as: upper management support, user awareness and training, malware, patch management, vulnerability and risk assessment. These were consistently ranked lower by the computer science faculty.…”

Section: Security Coursesmentioning

confidence: 99%

“…Consequently, many of the topics deemed important for the industry are not covered in a typical computer security course. In [15] it is argued that including risk assessment and modeling in traditional computer security courses can provide significant improvement and that students need background in HCI principles and Usable Security. We feel that CS faculty should consider broadening their topics list to include some of these areas.…”

Section: Security Coursesmentioning

confidence: 99%

A method for incorporating usable security into computer security courses

George

Klems

Valeva

2013

Proceeding of the 44th ACM Technical Symposium on Computer Science Education

View full text Add to dashboard Cite

Since human factor security exploits are on the rise, ensuring Usable Security has become extremely important for the overall security of computer systems. However, traditional undergraduate computer security curriculum focuses heavily on technical aspects of security and generally ignores Usable Security. To address this problem, we developed a new 3P Learning Method that encourages students to view security problems from three different perspectives (i.e. 3P), namely: Defense, Offense, and Use. The 3P Method lets us incorporate Usable Security into the existing curriculum and helps students to consider Usable Security as an integral part of secure system design rather than an optional add-on.

show abstract

Educating Students to Create Trustworthy Systems

Cited by 11 publications

References 5 publications

A look at software engineering risks in a team project course

A look at software engineering risks in a team project course

Embedding Secure Programming in the Curriculum: Some Lessons Learned

A method for incorporating usable security into computer security courses

Contact Info

Product

Resources

About