Computer Security in Introductory Programming Classes



Bibliographic Information


The scope of computer security is as broad as the field of computer science; however, its most immediate impact to the average user is in the faulty, non-secure software, hardware, and systems that are deployed. The majority of these are designed, implemented and built, and fielded by people with much experience in their disciplines, but little in computer security. The basis of this position paper is the belief that to improve computer security education, we must increase the average computer programmer’s understanding of the issues of computer security.

Like many facets of the field of computer science, computer security rests on a firm understanding of the basics of computer programming, such as design, implementation, testing, and deployment. In that sense, a student’s first and second classes in programming are the beginnings of computer security education. This position paper argues that a major thrust of any initiative to improve the state of computer security education must begin with an analysis of teaching the basics of good design and programming.


©1997 by Matt Bishop. The definitive version was published in the Proceedings of the Workshop on Education in Computer Security, Jan. 1997.