[Owasp-leaders] universities teaching secure development

Tobias tobias.gondrom at owasp.org
Wed Jun 12 15:08:01 UTC 2013


Hi,

(not sure whether posting this to the leaders list is the right place,
but as we don't have the Education committee anymore posting it here.
Otherwise apologies if misplaced post.)

am wondering, do we maybe have a prepared "secure development" course
curriculum that universities want to share among them / with OWASP?
E.g. like when Boing gave the IP of the Secure Coding reference guide to
OWASP for publication, maybe some universities like collaborate (or
already have) and we could have/develop/consolidate a full
course/lecture curriculum for the unis?
If we could reach more developers right from the beginning that would be
so cool.
In OWASP terms that could be a win-win and should be worth our efforts?

Best regards, Tobias



On 11/06/13 04:10, Constance Matthews wrote:
> What a timely subject. 
>
> In Columbus, OH we are working with the State Government and
> Colleges/Universities in the  very beginning stages/discussions on how
> we can get secure coding in the classroom and have security be a part
> of the SDLC. Ohio is excited and so are we (Bill Sempf, Aaron Ansari,
> and Connie Matthews). We are very excited on what this can mean to the
> future of secure coding and chipping away at the problem little by
> little (all going in the right direction.)
>
> We taught our first class to our membership last week to almost 100
> developers and the feedback was extremely positive.  We are very
> excited to see where this can go in Ohio.  Jim Manico, Jason
> Montgomery of Veracode and Bill Sempf (Central Ohio OWASP leader) did
> a fantastic job teaching the course.
>
> If anyone can give us any pointers, we are open to discussion. We feel
> that we have the right people to help us make this a reality in Ohio. 
> Taking baby steps.
>
> Please feel free to share your thoughts?
>
> Thank you,
> Connie
> On 6/10/2013 3:55 PM, Konstantinos Papapanagiotou wrote:
>> A good reason would be to compete (and win!) at the University
>> Challenge. :)
>>
>> Kostas
>>
>>
>> On Mon, Jun 10, 2013 at 5:43 PM, DK-OWASP <david.kadow at owasp.org
>> <mailto:david.kadow at owasp.org>> wrote:
>>
>>     Thank you all for the input.
>>
>>     TBC, one dimension of messaging in my "Come to AppsecUSA"
>>     PowerPoint ( to show at various non-OWASP MeetUps ) is  "Why?"
>>     One of the answers to "why?" is
>>     "There are 4,000 universities in the US...less than 100 teach
>>     secure development. Therefore It's highly likely that your new
>>     developers don't know how to keep you safe. Bring them to
>>     AppSecUSA, so they can help keep you out of the data breach
>>     headlines."
>>
>>     More to come...
>>
>>     I welcome your thoughts and comments. 
>>
>>     David Kadow, CISSP
>>     ---
>>     657-464-3250 (65-ringDBK-0)
>>     http://mynfosec.blogspot.com
>>     http://www.linkedin.com/in/davidkadow
>>
>>     On Jun 9, 2013, at 9:57 AM, Martin Knobloch
>>     <martin.knobloch at owasp.org <mailto:martin.knobloch at owasp.org>> wrote:
>>
>>>     This is a great list and starting point to do the University
>>>     Outreach once more!
>>>     We do have the OWASP Blue Book, /The OWASP Application Security
>>>     Code of Conduct for Educational Institutions:/
>>>     https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>>
>>>     Doing this properly, we can extend the list of OWASP Educational
>>>     supporters:
>>>
>>>       * What is: https://www.owasp.org/index.php/Academic_Supporter
>>>       * List of: https://www.owasp.org/index.php/Academic_Supporters
>>>
>>>     By addressing the Universities not yet being part of OWASP and
>>>     getting the local chapters in touch!
>>>     I am more then glad to help!
>>>
>>>     Cheers,
>>>     -martin
>>>
>>>
>>>     On Sun, Jun 9, 2013 at 2:56 PM, James Walden
>>>     <james.walden at gmail.com <mailto:james.walden at gmail.com>> wrote:
>>>
>>>         While the list of universities teaching secure development
>>>         in the US is short today, it should expand with the new
>>>         ACM/IEEE 2013 curriculum standard, which mandate secure
>>>         development across the curriculum.  The standards should be
>>>         finalized by the end of the year.
>>>
>>>         Thinking of university education, is anyone else attending
>>>         CISSE 2013 (http://www.cisse.info/) this week?
>>>
>>>         On Sun, Jun 9, 2013 at 7:19 AM, Martin Knobloch
>>>         <martin.knobloch at owasp.org
>>>         <mailto:martin.knobloch at owasp.org>> wrote:
>>>
>>>             Hi David,
>>>
>>>             How can I assist?
>>>
>>>             Cheers,
>>>             -martin
>>>
>>>
>>>             On Sat, Jun 8, 2013 at 3:31 PM, Tom Brennan - OWASP
>>>             <tomb at proactiverisk.com <mailto:tomb at proactiverisk.com>>
>>>             wrote:
>>>
>>>                 David, thank you for working on this effort; I do
>>>                 not have a answer for your question however your
>>>                 question does invoke a mapping of the membership
>>>                 list posted on the OWASP website to the list and
>>>                 logical inquiry to  Membership & Projects. Martin
>>>                 Knobloch is a very a active education advocate and I
>>>                 would not be surprised if someone has already
>>>                 conducted analyst on this demographic for a related
>>>                 OWASP Project
>>>
>>>                 OWASP-Leaders your help is requested.
>>>
>>>
>>>                 On Jun 8, 2013, at 9:02 AM, David Kadow
>>>                 <david.kadow at owasp.org
>>>                 <mailto:david.kadow at owasp.org>> wrote:
>>>
>>>>                 Quick question: ( this is for the "Come to
>>>>                 AppSecUSA" powerpoint I'm composing ) 
>>>>
>>>>                 There are approximately 4,000 universities in the
>>>>                 U.S., with enrollment of over 17 million students.
>>>>                 Do you know how many universities actually teach
>>>>                 secure development ? In 30 minutes and 13 pages of
>>>>                 google results I find less than 40 ( results below )
>>>>
>>>>                 arizona.edu <http://arizona.edu/>
>>>>                 asu.edu <http://asu.edu/>
>>>>                 auburn.edu <http://auburn.edu/>
>>>>                 berkeley.edu <http://berkeley.edu/>
>>>>                 cmu.edu/ <http://cmu.edu/>
>>>>                 cochise.edu <http://cochise.edu/>
>>>>                 colorado.edu <http://colorado.edu/>
>>>>                 columbusstate.edu <http://columbusstate.edu/>
>>>>                 dartmouth.edu <http://dartmouth.edu/>
>>>>                 ecsun.edu <http://ecsun.edu/>
>>>>                 fau.edu <http://fau.edu/>
>>>>                 gvsu.edu <http://gvsu.edu/>
>>>>                 hawaii.edu <http://hawaii.edu/>
>>>>                 kit.edu <http://kit.edu/>
>>>>                 mcsueastbay.edu <http://mcsueastbay.edu/>
>>>>                 mit.edu <http://mit.edu/>
>>>>                 msstate.edu <http://msstate.edu/>
>>>>                 ncsu.edu <http://ncsu.edu/>
>>>>                 nku.edu <http://nku.edu/>
>>>>                 pitt.edu <http://pitt.edu/>
>>>>                 psu.edu <http://psu.edu/>
>>>>                 sc.edu <http://sc.edu/>
>>>>                 scf.edu <http://scf.edu/>
>>>>                 sharif.edu <http://sharif.edu/>
>>>>                 sjsu.edu <http://sjsu.edu/>
>>>>                 stanford.edu <http://stanford.edu/>
>>>>                 ucf.edu <http://ucf.edu/>
>>>>                 uic.edu <http://uic.edu/>
>>>>                 uis.edu <http://uis.edu/>
>>>>                 usc.edu <http://usc.edu/>
>>>>                 usouthal.edu <http://usouthal.edu/>
>>>>                 utdallas.edu <http://utdallas.edu/>
>>>>                 utexas.edu <http://utexas.edu/>
>>>>                 utsa.edu <http://utsa.edu/>
>>>>                 washington.edu <http://washington.edu/>
>>>>                 wisc.edu <http://wisc.edu/>
>>>>                 wright.edu <http://wright.edu/>
>>>>
>>>>                 Any guidance will be appreciated.
>>>>                 -- 
>>>>
>>>>                 David Kadow, CISSP
>>>>                 657-464-3250 <tel:657-464-3250>
>>>
>>>
>>>
>>>             _______________________________________________
>>>             OWASP-Leaders mailing list
>>>             OWASP-Leaders at lists.owasp.org
>>>             <mailto:OWASP-Leaders at lists.owasp.org>
>>>             https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>>
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> -- 
> Constance Matthews        cmatthews at microsolved.com
> Account Executive        
> Phone: 614. 351.1237 X 206
> Cell: 614.286.2408
> Fax: 512-592-7904
>
> Linked In: www.linkedin.com/in/ConnieMatthews
> PGP Key Available by Request
> MicroSolved is security expertise you can trust!
>
> HoneyPoint Security Server
> Attackers get stung, instead of you!
> http://www.microsolved.com/honeypoint
>  
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130612/ea7c419f/attachment-0001.html>


More information about the OWASP-Leaders mailing list