Secure Programming: A Way of Life (or Death)

Abstract. This talk briefly reviews what “secure programming” is, and the principles on which it is based and practiced. It then discusses some drivers to foster adoption, and how to “prime the pump” to ensure that students who study programming know about, and practice, the techniques when they graduate. Finally, this talk presents ideas for supporting the teaching and practice of secure programming in industry, government, and academic institutions.

Author: Matt Bishop
Given at: 2017 Colloquium for Information System Security Education
Date: June 13, 2017

No corresponding paper

Slides in PDF and PS

Slide 1: Secure Programming: A Way of Life (or Death)
Slide 2: Disclaimer
Slide 3: Theme: Does It Matter?
Slide 4: Weinberg’s Second Law
Slide 5: What Exactly Are We Talking About?
Slide 6: Robust vs. Secure Programming
Slide 7: Problem
Slide 8: Quality of Code
Slide 9: Security is Cumulative
Slide 10: More Problems
Slide 11: Basic Principles of Robustness
Slide 12: Helping Solve the Technical Problem
Slide 13: Test to These!
Slide 14: What Will Drive Improvement?
Slide 15: What Will Drive Improvement?
Slide 16: Software Liability
Slide 17: Software Liability
Slide 18: So What’s Holding Us Back?
Slide 19: So What’s Holding Us Back?
Slide 20: Lack of Resources
Slide 21: Lack of People
Slide 22: Focus for Rest of Talk
Slide 23: How Do We Teach Secure Programming?
Slide 24: Questionable Idea #1: Testing Students’ Knowledge
Slide 25: Questionable Idea #2: Unsupported Mandates
Slide 26: What Can Academia Do?
Slide 27: What Can Industry Do?
Slide 28: Work With Students and Faculty
Slide 29: What Will This Do?
Slide 30: Government Support
Slide 31: NSA (NSA/DHS) CAE Program
Slide 32: NSF Education and Human Resources
Slide 33: NSF Funding Sources
Slide 34: Critical Warning About NSF
Slide 35: National Initiative for Cybersecurity Education
Slide 36: More About NICE
Slide 37: Key Points
Slide 38: A Really, Really Important Point!
Slide 39: Conclusion