Teach the Hands, Train the Mind … A Secure Programming Clinic!
M. Dark, I. Ngambeki, M. Bishop, and S. Belcher, “Teach the Hands, Train the Mind … A Secure Programming Clinic,” Proceedings of the 19th Colloquium on Information Systems Security Education (June 2015).
Computer Science programs often fail to provide students with a complete and comprehensive education in secure programming. The reasons for this failure include: not emphasizing the importance of secure programming beyond basic principles, overloaded curricula in which secure programming courses are elective, and the failure to integrate advanced secure programming along with advanced programming. This paper proposes the use of a Secure Programming Clinic to help address this failure and describes principles for the design, structure, and evaluation of such a clinic.