Training key to secure coding

09.03.2006
Education and training play a crucial role in secure code writing, says Howard Schmidt, CEO of R&H Security Consulting in Issaquah, Wash. and a former White House cybersecurity advisor.

The onus is on software companies to ensure they either hire code developers trained in secure code authoring or provide themselves the necessary training needed by programmers so that they are able to write more secure code, he says.

One professor at the University of Ottawa believes that, while educational institutions are producing more IT graduates who know how to code secure software, there is still a 'great distance to go.'

The University of Ottawa's software engineering program educates undergrads on secure coding through a course called Design of Secure Computer Systems, says computer science and software engineering professor Timothy Lethbridge.

But while the course is compulsory for software engineering undergrads, it is merely an elective for computer science students, Lethbridge says. He explains that's because computer science programs encompass many scientific fields, a student that majors in artificial intelligence, for instance, may see no need to take the secure coding course.

Still, many computer science undergrads choose to take the course, he says.