TRUSTing Mary Ann Davidson
Yesterday, Mary Ann Davidson had a fascinating post about the classics of Western literature. As usual for Mary Ann, the apparent basis of the post is really just exposition for her main point. In this case, the thrust of her post is the need for developers to have more training in secure coding at the university level. Mary Ann and several others have started working with several universities (including UC Berkeley, Stanford and CMU) and corporations (including GE, Sun and Visa) to produce such a curriculum. They are calling this program “The Team for Research in Ubiquitous Secure Technology” or TRUST and have bunch of resources and information online.
[Edit: Gunnar Peterson over at 1 Raindrop points out that: Ken Van Wyk and John Steven have an article “Essential Factors for Successful Software Security Awareness Training” in the current issue of IEEE Security and Privacy, that is also relevant to the general issue.]
So, is the cirriculum any good? Would you suggest to your VP HR that they give preferential treatment to students coming from those schools?
Unfortunately they don’t have any of the curriculum up yet, but they do have the pdfs up from several past seminars/classes which are interesting.
Yeah gods, save us from the learned goody-goodies. We can either learn about facts and dates and participles, or we can learn about systems and causality and history, it seems. If the poster had spent more time on the latter she would have realised that the canon on secure coding was dropped from university curricula, and who was responsible for our loss.
Who was responsible? I’m immensely curious.
There’s a cannon on secure coding? Do tell!
The cannons fire for the immensely curious:
How the Classical Scholars dropped security from the canon of Computer Science
PS: note spelling is canon not cannon 🙂