Computer science education: Secure software

Scope and Method of Study: Computer Science Education Human Subject Research Findings and Conclusions: Computer security problems have been increasing significantly as the Internet has been increasing the means to both access and to distribute both code and data. Attempts to address these problems through computer science education by focusing on information security, network security, and system security have not been entirely successful. The security problems are serious enough at this time that both industry and academia are looking for other solutions and even for other partial solutions. One of these proposed partial solutions focuses the security investigations on the commonality that underlies all software: code.;The author proposed that all computer science undergraduates should be required to take a computer security course that focuses on code security early in their undergraduate program. The objectives of this course would be to teach the importance of code security, to instruct in practical coding techniques for making programs more secure, and to provide practice in these secure coding techniques.;The author has taught an introductory security course with emphasis in code security over the course of one semester during this research project. The students in the course ranged from second semester freshman, straight out of Computer Science I, to seniors graduating at the end of that semester. While results from the pre-test and post-test surveys completed by course subjects were mixed, they suggested that the course was at least partially successful. The students did seem to have a better understanding of computer security but seem to have not improved as much within the area of secure coding as the author had anticipated. The author feels that more repetition and feedback on the writing of secure code will improve the course the next time it is offered.;The author believes these proposals are not a perfect solution for the present computer security problem. However, the author does believe that these proposals are a valid partial solution.