Print
Discuss
Send to friend
RSS feedsThe latest generation of software developers have little to no experience in how to code secure applications, UK government-sponsored research has revealed.
The government-funded advisory body the Cyber Security Knowledge Transfer Network (KTN) analysed statistics from 75 UK universities which run courses to train future software developers.
It found that only 20 per cent of UK computing undergraduates get more than five hours education on software security. The other 80 per cent receive less than five hours.
"We're not expecting to turn out graduates who are experts in secure software development, but 80 per cent are hardly even being told about it," said John Harrison, chair of the Cyber Security KTN Special Interest Group in Secure Software Development. "If we can create awareness in the next generation of software developers, then when they go out into industry they can create awareness in their own organisations."
Harrison added that the issue of training IT undergraduates in security has not been resolved because "there is no clear owner of the problem".
"There is a huge body of knowledge in the security industry on what can go wrong," he argued. "We need to transfer that knowledge into software development."
Hadrian James of IT management software vendor Compuware, argued that engineering security into the development process from the start removes the need for costly redesigns.
"There is a substantial amount of contact time in a three year undergraduate course," he added. "A lot of time is spent on object design, but security should be one of those objects."
See also:
Microsoft has posted reams of protocol documentation on its MSDN sites 09 Apr 2008
New application SDK released to the first 10,000 lucky developers 08 Apr 2008
Compuware research shows firms are exposing customer data during application testing 08 Jan 2008All Developer
del.icio.us
Digg this
reddit!
