[Owasp-leaders] OWASP Academies: learn the landscape first

James McGovern JMcGovern at virtusa.com
Wed Dec 1 11:36:26 EST 2010

Several of my friends are professors in local universities and have observed the classes that are most frequently taken also happen to be either the ones that are the most easiest in terms of time and/or are more fun. Let's make sure that we aren't hurting ourselves by putting too much rigor. In my own experience, there are very good reasons why I took courses on marketing and extentionalism...

James McGovern
Insurance SBU 
Virtusa Corporation
100 Northfield Drive, Suite 305 | Windsor, CT | 06095
Phone:  860 688 9900 Ext:  1037 | Facsimile:  860 688 2890  

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of James Walden
Sent: Wednesday, December 01, 2010 10:50 AM
To: owasp-leaders at lists.owasp.org
Cc: global_education_committee at lists.owasp.org
Subject: [Owasp-leaders] OWASP Academies: learn the landscape first

Having worked in industry first and now as a professor, my first
recommendation is to learn the current processes and contraints of
universities.  While all of us probably have experience with one or a
handful of universities, each one is different and so we have to be
careful about overgeneralizing our experiences.  I recommend starting
with ACM's curriculum standards, which is a general basis for computer
degree programs and accreditation thereof.


The first aspect of these standards that you'll probably notice is the
abundance of material.  Most computer science, software engineering,
information systems, and information technology programs are running
close to the maximum number of classes allowed, especially with the
push in the U.S. to increase graduation rates by reducing the number
of semester hours for a bachelor's degree from 128 to 120.  Several
state university systems have already mandated such reductions.

There are three ways to fit OWASP curricular materials into the
limited space available:

1. Find where the material fits in the ACM curriculum and integrate it
into those existing topics and courses.
2. Create specialized certificate programs at the undergraduate or
master's level.
3. Create specialized master's degree programs.

Academics are already trying all three approaches to introducing
software security into the curriculum:

1. The NSF-funded security injections project
2. Secure software engineering certificates at NKU and Stevens:
        * http://informatics.nku.edu/csc/mscs/sse_certificate.php
        * http://dc.stevens.edu/academic-programs/systems-engineering-security/
3. Secure software systems MS degree focus

While these approaches are more general than OWASP's focus on web
application security, they show what can be accomplished and how much
or how little demand there is for such ideas.

James Walden
Dept. of Computer Science (http://cs.nku.edu)
Northern Kentucky University
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

Virtusa was recently ranked and featured in 2010 Deloitte Technology Fast 500, 2010 Global Services 100, IAOP's 2010 Global Outsourcing 100 sub-list and 2010 FinTech 100 among others.


This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is intended for the addressee only. Any unauthorized disclosure, use, dissemination, copying, or distribution of this message or any of its attachments or the information contained in this e-mail, or the taking of any action based on it, is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail and delete this message.


More information about the OWASP-Leaders mailing list