Well, I never recieved any replies here on what's already being done.. so
now, I am asking for ideas on how we can approach schools. What's needed,
in order for basic CS classes to have a security orientation?
Most CS professors have little awareness about security in general or secure programming techniques in specific, so I think awareness is the place we need to start. I've been giving workshops in secure programming and software security targeted at CS educators since 2005 and will be giving workshops in both areas in March at the largest annual gathering of CS educators, the ACM SIGCSE Conference ( http://www.cs.potsdam.edu/sigcse07/index.html).
Software security awareness is growing these days. I've seen software security and/or secure programming classes appear at a couple dozen security focused CS departments in the last couple of years, including my own. I teach relevant software security topics in my classes, and I know professors at a few universities who are working on a variety of approaches to introducing secure programming into CS1 and CS2.
I'm currently surveying a variety of introductory CS textbooks in C, C++, and Java to look for security errors in their examples. If you know of any such errors, I'd appreciate getting an e-mail from you with the information about the error. I plan to use the data as part of a paper on teaching secure programming in early CS classes and will acknowledge any contributions in the paper.
James Walden
Assistant Professor, NKU
http://www.nku.edu/~waldenj1/
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
