[CS-FSLUG] Security lessons still lacking for computer science grads

[Peter J. Vasquez Sr.]

I concur.  I'm graduating with my masters in computer science this
semester, and speaking with some of the undergrads who are also
graduating, they're obviously skilled at development, but don't
understand the need for security.  These are the same kids who share
everything on social media sites, and get by just making sure a
software project works/meets the minimum requirements without
considering how it might break or be used otherwise (boundary/service
security questions and isolation, regression testing, and side-channel
analysis/proper debugging of their code).  I think most cs grads think
that any problems that do come up can be handled with patches, which
are typically done by another team entirely in large organizations.
This isn't only dangerous, it's wasteful, and holds the industry back
from larger advancements as a whole.  Personally, I think it's an
attitude, but it might also have to do with corporate influence (I
don't know how most public Universities are structured, but at the one
I attend, Microsoft is a major sponsor of the special events,
hardware, and software exposure throughout the cd department)

--
Peter

On Thu, Apr 28, 2011 at 2:56 PM, Fred A. Miller <fmiller at lightlink.com> wrote:
> http://www.infoworld.com/t/application-security/security-lessons-still-lacking-computer-science-grads-769?source=IFWNLE_nlt_sec_2011-04-26
>
> --
> "Gun control is like trying to reduce drunk driving by making it
> tougher for sober people to own cars." - Unknown
>
> _______________________________________________
> ChristianSource FSLUG mailing list
> Christiansource at ofb.biz
> http://cs.uninetsolutions.com
>