Back to School
Six months ago or so, I
interviewed
Microsoft security expert Mike Howard about the challenge his company faced
as it worked to make the development of fundamentally secure software a core
mission of every project. Known as Security Development Lifecycle (SDL), the
effort took years to complete, and ultimately resulted in the release of much
more secure code.
One complaint Howard voiced in that interview was the lack of security-related
awareness and training among entry-level programmers arriving at Microsoft.
He specifically pointed a finger at undergraduate institutions, which he said
were producing programmers who didn't have to consider code vulnerabilities
during their formal education. As a result, Microsoft now sends new arrivals
to a weeks-long security training program, just to get them up to speed. In
a sense, Microsoft is doing the work that schools should've accomplished.
We've heard other complaints, as well, about college-level programs.
Our senior editor, Kathleen Richards, is working on an upcoming feature about
computer science education in colleges and graduate schools, and how it's changing
(or not changing) to meet modern challenges. We want to hear from you. If you're
hiring newly graduated programmers, what are you noticing?
And as a development manager, if you could send a message to the people who
run the computer science curricula at major schools, what would you want to
say to them? Now is your chance. E-mail me at mdesmond@reddevnews.com.
Posted by Michael Desmond on 10/03/2007