[Owasp-leaders] universities teaching secure development

Konstantinos Papapanagiotou Konstantinos at owasp.org
Wed Jun 12 16:16:00 UTC 2013


Good points. We've thought and discussed about these issues a lot of times
and Martin is right, we have planned to make an "academy portal" which has
not yet kicked off (partly my responsibility/lack of time). Ideally we
could have something like this:
http://www.isaca.org/Knowledge-Center/Academia/Pages/ISACA-Model-Curricula.aspx

Anyway, not only there's no Education Committee anymore but I saw somewhere
that the plan for hiring an "Educational Director" has been put off.
Apparently education is not a priority for the board at this stage. It
would be nice to hear what this year's candidates have to propose.

Kostas


On Wed, Jun 12, 2013 at 6:08 PM, Tobias <tobias.gondrom at owasp.org> wrote:

>  Hi,
>
> (not sure whether posting this to the leaders list is the right place, but
> as we don't have the Education committee anymore posting it here. Otherwise
> apologies if misplaced post.)
>
> am wondering, do we maybe have a prepared "secure development" course
> curriculum that universities want to share among them / with OWASP?
> E.g. like when Boing gave the IP of the Secure Coding reference guide to
> OWASP for publication, maybe some universities like collaborate (or already
> have) and we could have/develop/consolidate a full course/lecture
> curriculum for the unis?
> If we could reach more developers right from the beginning that would be
> so cool.
> In OWASP terms that could be a win-win and should be worth our efforts?
>
> Best regards, Tobias
>
>
>
>
> On 11/06/13 04:10, Constance Matthews wrote:
>
> What a timely subject.
>
> In Columbus, OH we are working with the State Government and
> Colleges/Universities in the  very beginning stages/discussions on how we
> can get secure coding in the classroom and have security be a part of the
> SDLC. Ohio is excited and so are we (Bill Sempf, Aaron Ansari, and Connie
> Matthews). We are very excited on what this can mean to the future of
> secure coding and chipping away at the problem little by little (all going
> in the right direction.)
>
> We taught our first class to our membership last week to almost 100
> developers and the feedback was extremely positive.  We are very excited to
> see where this can go in Ohio.  Jim Manico, Jason Montgomery of Veracode
> and Bill Sempf (Central Ohio OWASP leader) did a fantastic job teaching the
> course.
>
> If anyone can give us any pointers, we are open to discussion. We feel
> that we have the right people to help us make this a reality in Ohio.
> Taking baby steps.
>
> Please feel free to share your thoughts?
>
> Thank you,
> Connie
> On 6/10/2013 3:55 PM, Konstantinos Papapanagiotou wrote:
>
> A good reason would be to compete (and win!) at the University Challenge.
> :)
>
>  Kostas
>
>
> On Mon, Jun 10, 2013 at 5:43 PM, DK-OWASP <david.kadow at owasp.org> wrote:
>
>>  Thank you all for the input.
>>
>>  TBC, one dimension of messaging in my "Come to AppsecUSA" PowerPoint (
>> to show at various non-OWASP MeetUps ) is  "Why?"
>> One of the answers to "why?" is
>> "There are 4,000 universities in the US...less than 100 teach secure
>> development. Therefore It's highly likely that your new developers don't
>> know how to keep you safe. Bring them to AppSecUSA, so they can help keep
>> you out of the data breach headlines."
>>
>>  More to come...
>>
>>  I welcome your thoughts and comments.
>>
>> David Kadow, CISSP
>> ---
>> 657-464-3250 (65-ringDBK-0)
>> http://mynfosec.blogspot.com
>> http://www.linkedin.com/in/davidkadow
>>
>> On Jun 9, 2013, at 9:57 AM, Martin Knobloch <martin.knobloch at owasp.org>
>> wrote:
>>
>>     This is a great list and starting point to do the University
>> Outreach once more!
>>  We do have the OWASP Blue Book, *The OWASP Application Security Code of
>> Conduct for Educational Institutions:*
>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>
>> Doing this properly, we can extend the list of OWASP Educational
>> supporters:
>>
>>    - What is: https://www.owasp.org/index.php/Academic_Supporter
>>    - List of: https://www.owasp.org/index.php/Academic_Supporters
>>
>>  By addressing the Universities not yet being part of OWASP and getting
>> the local chapters in touch!
>>  I am more then glad to help!
>>
>> Cheers,
>>  -martin
>>
>>
>> On Sun, Jun 9, 2013 at 2:56 PM, James Walden <james.walden at gmail.com>wrote:
>>
>>> While the list of universities teaching secure development in the US is
>>> short today, it should expand with the new ACM/IEEE 2013 curriculum
>>> standard, which mandate secure development across the curriculum.  The
>>> standards should be finalized by the end of the year.
>>>
>>> Thinking of university education, is anyone else attending CISSE 2013 (
>>> http://www.cisse.info/) this week?
>>>
>>>  On Sun, Jun 9, 2013 at 7:19 AM, Martin Knobloch <
>>> martin.knobloch at owasp.org> wrote:
>>>
>>>>    Hi David,
>>>>
>>>>  How can I assist?
>>>>
>>>>  Cheers,
>>>>  -martin
>>>>
>>>>
>>>> On Sat, Jun 8, 2013 at 3:31 PM, Tom Brennan - OWASP <
>>>> tomb at proactiverisk.com> wrote:
>>>>
>>>>>  David, thank you for working on this effort; I do not have a answer
>>>>> for your question however your question does invoke a mapping of the
>>>>> membership list posted on the OWASP website to the list and logical inquiry
>>>>> to  Membership & Projects. Martin Knobloch is a very a active education
>>>>> advocate and I would not be surprised if someone has already conducted
>>>>> analyst on this demographic for a related OWASP Project
>>>>>
>>>>>  OWASP-Leaders your help is requested.
>>>>>
>>>>>
>>>>>  On Jun 8, 2013, at 9:02 AM, David Kadow <david.kadow at owasp.org>
>>>>> wrote:
>>>>>
>>>>>  Quick question: ( this is for the "Come to AppSecUSA" powerpoint I'm
>>>>> composing )
>>>>>
>>>>>  There are approximately 4,000 universities in the U.S., with
>>>>> enrollment of over 17 million students. Do you know how many universities
>>>>> actually teach secure development ? In 30 minutes and 13 pages of google
>>>>> results I find less than 40 ( results below )
>>>>>
>>>>>  arizona.edu
>>>>> asu.edu
>>>>> auburn.edu
>>>>> berkeley.edu
>>>>> cmu.edu/
>>>>> cochise.edu
>>>>> colorado.edu
>>>>> columbusstate.edu
>>>>> dartmouth.edu
>>>>> ecsun.edu
>>>>> fau.edu
>>>>> gvsu.edu
>>>>> hawaii.edu
>>>>> kit.edu
>>>>> mcsueastbay.edu
>>>>> mit.edu
>>>>> msstate.edu
>>>>> ncsu.edu
>>>>> nku.edu
>>>>> pitt.edu
>>>>> psu.edu
>>>>> sc.edu
>>>>> scf.edu
>>>>> sharif.edu
>>>>> sjsu.edu
>>>>> stanford.edu
>>>>> ucf.edu
>>>>> uic.edu
>>>>> uis.edu
>>>>> usc.edu
>>>>> usouthal.edu
>>>>> utdallas.edu
>>>>> utexas.edu
>>>>> utsa.edu
>>>>> washington.edu
>>>>> wisc.edu
>>>>> wright.edu
>>>>>
>>>>>  Any guidance will be appreciated.
>>>>> --
>>>>>
>>>>> David Kadow, CISSP
>>>>> 657-464-3250
>>>>>
>>>>>
>>>>>
>>>>
>>>>  _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
> --
> Constance Matthews        cmatthews at microsolved.com
> Account Executive
> Phone: 614. 351.1237 X 206
> Cell: 614.286.2408
> Fax: 512-592-7904
>
> Linked In: www.linkedin.com/in/ConnieMatthews
> PGP Key Available by Request
> MicroSolved is security expertise you can trust!
>
> HoneyPoint Security Server
> Attackers get stung, instead of you!http://www.microsolved.com/honeypoint
>
>
>
> _______________________________________________
> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130612/6e4162ef/attachment-0001.html>


More information about the OWASP-Leaders mailing list