Security Education – Yay, again!

Interesting read based on my last little rant about the lack of security (as-in-threats) education in school.

Software firms fault colleges’ security education

I don’t want to make one point clear: education also belongs in industry, but we need more in school.

Comments (2)

  1. This is exactly what I’m doing. I’ve presented a six-day course to a bank’s developers last year, and I’m working up a new improved three-day course for my current employer now.

    Hopefully, this can be followed up with some mentoring and turning a few developers into security "champions", who, along with decent peer review processes, start to make an impact on the quality of code.

    In your next edition of Writing Secure Code, I’d really like to collaborate with you on getting the "Performing a Security Code Review" chapter up to scratch. The current one is a little light on for content, particularly when compared to the other chapters, and yet it’s one of the most important pieces of the puzzle for places that have never done them before.

    Andrew van der Stock

    Technical editor of the OWASP Guide 2.0

  2. Michael Howard says:

    Good Stuff – but we really need to improve the quality of engineers coming out of school – the education is simply not there 🙁

    It’s not like it’s important, or anything!