What is the state of Security in Comp Sci Programs

Question

In a previous question (How can I keep my programmer collegues informed about security issues?) there was a statement:

"...and I realise that security topics are often barely known from both the student and the teacher."

It made me wonder what is getting taught.

So what is the state of Security-related teaching in a run of the mill CS program? Are the basics taught? Are more advanced topics taught? Perhaps elective? None at all?

Rory Alsop · Accepted Answer · 2010-12-07T22:33:58.970

From the universities I have looked at, the basics are there (to a greater or lesser degree) but as it isn't a focus, there is very little effort put into updating the course material, for example some course material we have seen has code examples containing well known security vulnerabilities. This just isn't going to get rectified onthe low budgets universities have. And as far as advanced topics, you'll need to be on an Infosec related course.

Initiatives such as the Scotland & Northern Ireland Centre of Excellence in Security & Cybercrime are hoping to make a difference by using volunteers from industry to improve the training in order to lead to graduates who actually understand security.

(disclaimer - I am one of the volunteer supporters of the CoE in Scotland)

Edit - to be fair there are a couple of universities in the UK that have excellent security modules but these are normally part of infosec degrees (eg Royal Holloway, Westminster, Napier)

score 2 · Answer 2 · answered Dec 07 '10 at 15:27

2

At Oxford University, security is an advanced, final year option of the computer science undergrad course.

answered Dec 07 '10 at 15:27

Security is also covered very well in the relevant classes from [this list](http://cr.yp.to/courses.html) at UIC. – user502 Dec 07 '10 at 15:34
Oxford also offers a Masters' in Software and Systems Security, so they might be a bit of an outlier. – Tom Hawtin - tackline Dec 07 '10 at 17:44
@Tom: I know, I have their PgC in software security ;). – Dec 07 '10 at 18:09

score 2 · Answer 3 · answered Dec 07 '10 at 21:08

We had in the bachelors (undergraduate?) 1 security course which covered the basic concepts of security. But in that time I passed the course with a 7 out of 10 without even really understanding what public key crypto was. So you can imagine the level... Software security and secure programming was never really discussed at all.

Then I did a master called Information Security Technology which is a 2 year master program focused on all aspects of security in depth. Imagine CISSP but with much more depth, theory, math and science. I really enjoyed this masters program.

What is the state of Security in Comp Sci Programs

3 Answers3