Wanted to introduce another worst practice in terms of Universities vs Enterprises that isn't about curriculum but is about knowledge of secure coding. There are user groups such as OWASP where topics such as secure coding are frequently discussed. These events are 100% free to attend and are filled with professionals.
On my side of town, the professors that happen to be adjunct and have a day job in corporations for whatever reason also are not only introducing secure coding techniques into their material, they are encouraging their students to attend our local Hartford OWASP chapter (http://www.owasp.org/index.php/Hartford) Likewise, on numerous occasions, we have reached out and extended the same invite to fulltime professors who have neither made any effort in attending nor even sharing with their students. So, when do we ask the more difficult question of whether current professors are capable of teaching the curriculum in a manner that enables the success for their students... ************************************************************ This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________