Universities fail to produce secure programmers

Powered by SC Magazine
 

Further pressure has been put on educational institutions to improve their security training. In the wake of SANS calls to ‘shame the computer science departments’ Simon Perry, vice president of security strategy at Computer Associates raised the issue again at the SC Conference in London, UK.

Talking about a leading European IT university's programming course, Perry claimed: "There was not a single lecture on secure coding. That's a pretty sad indictment of where the security industry stands today".

Despite angry denials that universities are under performing, most notably from Cambridge's Ross Anderson, the suggestion is that learning functional rather than secure code is an endemic problem. "I certainly think so," said Perry. "It's going to be a problem for a few years yet. Most of these courses are three or four years long, and it takes roughly two years to implement something new. So we're not going to see the results for a long time."

A lack of standards, or accountability, was pointed to as the source of the problem. "If you're teaching cookery you are required to spend time teaching health and safety. This sort of requirement does not exist for our industry," Perry said.

Rather than blaming vendors Perry told companies to look inwards. "Departments don't communicate and parallel projects occur. So we don't get the benefit of existing technology," he said.

www.scmagazine.com/events
www.ca.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1783

Vote
Do you support the abolition of the Office of the Information Commissioner?