Feeds

Leeds Uni, MS teach undergrads to write secure code

Course work

  • alert
  • submit to reddit

Reducing security risks from open source software

Microsoft has teamed up with the University of Leeds to develop the UK's first undergraduate computer security module to focus on the skills which developers need write secure code.

The course kicks off in January 2004. Students will get hands-on experience of writing secure code and will learn to appreciate the fundamental role of security in software engineering. In addition to standard security topics, the module will cover threat modelling and basic security analysis of code, teaching students to identify potential weaknesses within their programs that could be exploited by unscrupulous crackers or virus writers.

Microsoft UK Chief Security Officer Stuart Okin said: "We are working with the University of Leeds because until now Computer Science graduates in this country were not obtaining adequate theoretical or practical experience. For instance, the module will educate students about buffer over-runs and how to avoid the pitfalls such as those exposed in the recent Slammer virus outbreak."

Professor Tony Cohn, Head of the School of Computing at the University of Leeds said he hoped the module help students to write better code while helping to give them an edge in the employment market on graduation.

John Harrison, an executive committee member of SAINT (Security Alliance for the Internet and New Technologies), has been working closely with the University of Leeds to promote information security within the curriculum.

"This is a very important step towards introducing security engineering into mainstream computer science and software engineering," said Harrison. "It is a serious omission that we have been training the next generation of software developers without this emphasis on security design principles and I hope other universities will follow this lead."
Microsoft is partly funding a Fellowship at the University. It is also working with the University of Leeds to develop the curriculum's content, which will "highlight the lessons learned from Microsoft's Trustworthy Computing initiative".

The company hopes to team up with other colleges and universities to offer similar courses worldwide.

Microsoft's recently announced a deal with Hull University to develop the UK's first postgraduate course in .NET. ®

Related Stories

Win a computer science bursary at Queen Mary
Cost of securing Windows Server 2003? Nearly $200m
Trustworthy Computing does Moon Walk (but not yet)
Microsoft outlines 3D progress to Trustworthiness
Open and closed security are roughly equivalent

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.