[Owasp-leaders] OWASP Academies: learn the landscape first

Jeremy Epstein jeremy.j.epstein at gmail.com
Wed Dec 1 15:03:35 EST 2010

Not to disagree with much of anything that's been said, but you should
know that a LOT of people and organizations are working on different
aspects of the security education problem.  Among them, trade
associations (TechAmerica), professional organizations (ACM),
universities, vendors, etc.  And there are huge legislative activities
in the US around training and education.  So please don't reinvent the

I'd like to particularly emphasize what James Walden said - we aren't
the only constituency who thinks students graduate without having the
right knowledge.  Trying to get an applications security course added
to the mandatory undergraduate program is nearly impossible - you're
going to be goring someone's ox who has spent decades putting it

I hate to sound so negative, but I've been (lightly) involved in this
issue for the past few years, and it's not as simple as developing a
curriculum.  That may work for certificate programs, but not if you
want it as part of the core that everyone learns - the curriculum is
just about the last step.

Here's an article that came out just last week on the topic....

Spaf on Security Education in 2011
GovInfoSecurity.com (11/23/10) Tom Field

Purdue University professor Eugene Spafford says that both industry
and government are focusing more on the need for students to receive
training in information assurance.  "We've had people in Washington
talking about [the] need for putting in resources, so the awareness
has increased and that is good," Spafford says.  However, he points to
a dearth of resources provided by industry, such as equipment and
training.  Also, the government has not supplied funding to boost the
number of students going through programs or to raise the resources
and classrooms to get the training.  Spafford says students currently
entering the computing field are a lot more comfortable with the
technology as well as with adopting new technology.  He points to
education's willingness to cooperate with government and business to
grow information assurance to desired 2011 levels.  "Business at the
back end has to be willing to hire students and to state a preference
where students who get the kind of training that is going to
demonstrate that they understand how to produce quality code, take
issues of privacy and security into account rather than simply doing
the sort of quick and flashy Web programming that often leads to
security problems and privacy violations," says Spafford.

