Software Reengineering Approach to Teaching Secure Coding Practices

Authors:
Leo Hansel, Sam Chung, Barbara Endicott-Popovsky
Date:
01 July 2011

Each year hackers exploit hundreds of vulnerabilities in software, yet the same vulnerabilities continue to appear in code over and over again, and many educational institutions continue to teach programming as they always have. Companies such as Microsoft have found it necessary to conduct secure coding training classes to make up for the absence of the subject in college-level curricula. The reasons for this gap are many, but our research is motivated by one major barrier: instructors lack the time to convert existing, well-developed curricula to include secure coding concepts. To address this issue, we have developed an approach that applies the 4+1 Views software re-engineering technique to transform source code that does not incorporate any security concepts into source code that can defend against attacks.
