Embedding Secure Programming in the Curriculum: Some Lessons Learned
Faculty of Health, Engineering and Science
School of Computer and Security Science / ECU Security Research Institute
Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. One answer is that if code were correct in the first instance, then vulnerabilities would not exist. Security is now seen as an essential part of systems development in several modern methodologies. Unfortunately, the teaching of programming secure software systems is seen as an extra or worse, an impediment to learning programming. This paper presents the case that secure programming should be the norm, rather than the exception and uses a case study to describe the experience of teaching secure programming in an Australian university. It was found that students enjoyed the challenges presented by learning secure programming and expected to use these skills in industry.