[Owasp-leaders] Who knows about CISSE?

James Walden james.walden at gmail.com
Tue Mar 24 22:14:34 EDT 2009


On Tue, Mar 24, 2009 at 11:18 AM, Andre Gironda <andreg at gmail.com> wrote:

> 2009/3/24 James Walden <james.walden at gmail.com>:
> > I presented at CISSE a few years ago, which was before I became involved
> > with OWASP.  I don't know of any connection between OWASP and CISSE.
> CISSE
> > is the largest venue of security educators, though software security is
> > still not a subject of broad awareness or interest yet.
>
> How about virtualization/cloud security?  Or data security?
>
> How can people possibly still be living in the pre-DotCom era?
>

I was at SIGCSE, the largest conference for computer science educators, a
couple of weeks ago, and I found that textbook publishers are still
primarily publishing security textbooks that claim to be network security or
computer security texts while focusing heavily on cryptography. Around half
the attendees of the web application security workshop I give at that
conference are surprised at the existence of flaws like SQL injection or
XSS.  Most of attendees teach at universities which have zero or one
security classes and their web textbooks say little or nothing about
security issues.

We have a long way to go on promoting awareness, which is why the OWASP
education project is so important.  There are a few academic software
security education resources worth noting, such as the repository for the
secure software development faculty workshop at
http://www.cs.ucdavis.edu/secure-exer/ and the SEED project at
http://www.cis.syr.edu/~wedu/seed/all_labs.html.  I'm working to put more of
my materials in an accessible format, but you can view all of the slides and
assignments for my secure software engineering class at
http://faculty.cs.nku.edu/~waldenj/classes/2009/spring/csc666/.  If you have
any feedback, I'd appreciate hearing from you.  We're also working on a
secure programming across the curriculum initiative at my university.

James Walden, Ph.D.
http://faculty.cs.nku.edu/~waldenj/ <http://faculty.cs.nku.edu/%7Ewaldenj/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090324/b6a7791b/attachment.html 


More information about the OWASP-Leaders mailing list