Security Education - Yay, again!

Published 17 February 05 01:21 PM

Interesting read based on my last little rant about the lack of security (as-in-threats) education in school.

I don't want to make one point clear, education also belongs in industry, but we need more in school.

Filed under: Security

# Andrew van der Stock said on February 17, 2005 6:39 PM:: This is exactly what I'm doing. I've presented a six day course to a bank's developers last year, and I'm working up a new improved three day course for my current employer now.

Hopefully, this can be followed up with some mentoring and turning a few developers into security "champions", who along with decent peer review processes, start to make an impact on the quality of code.

In your next edition of Writing Secure Code, I'd really like to collaborate with you on getting the "Performing a Security Code Review" chapter up to scratch. The current one is a little light on for content, particularly when compared to the other chapters, and yet it's one of the most important pieces of the puzzle for places that have never done them before.

Andrew van der Stock
Technical editor of the OWASP Guide 2.0
# Michael Howard said on February 17, 2005 8:51 PM:: Good Stuff - but we really need to improve the quality of engineers coming out of school - the education is simply not there :(

It's not like it's important, or anything!

New Comments to this post are disabled

Michael Howard's Web Log