[Owasp-leaders] OWASP Academies: learn the landscape first

James Walden james.walden at gmail.com
Wed Dec 1 10:50:03 EST 2010

Having worked in industry first and now as a professor, my first
recommendation is to learn the current processes and contraints of
universities.  While all of us probably have experience with one or a
handful of universities, each one is different and so we have to be
careful about overgeneralizing our experiences.  I recommend starting
with ACM's curriculum standards, which is a general basis for computer
degree programs and accreditation thereof.


The first aspect of these standards that you'll probably notice is the
abundance of material.  Most computer science, software engineering,
information systems, and information technology programs are running
close to the maximum number of classes allowed, especially with the
push in the U.S. to increase graduation rates by reducing the number
of semester hours for a bachelor's degree from 128 to 120.  Several
state university systems have already mandated such reductions.

There are three ways to fit OWASP curricular materials into the
limited space available:

1. Find where the material fits in the ACM curriculum and integrate it
into those existing topics and courses.
2. Create specialized certificate programs at the undergraduate or
master's level.
3. Create specialized master's degree programs.

Academics are already trying all three approaches to introducing
software security into the curriculum:

1. The NSF-funded security injections project
2. Secure software engineering certificates at NKU and Stevens:
        * http://informatics.nku.edu/csc/mscs/sse_certificate.php
        * http://dc.stevens.edu/academic-programs/systems-engineering-security/
3. Secure software systems MS degree focus

While these approaches are more general than OWASP's focus on web
application security, they show what can be accomplished and how much
or how little demand there is for such ideas.

James Walden
Dept. of Computer Science (http://cs.nku.edu)
Northern Kentucky University

More information about the OWASP-Leaders mailing list