[Owasp-leaders] universities teaching secure development

vanderaj vanderaj vanderaj at owasp.org
Thu Jun 13 02:48:04 UTC 2013


I would like us to take into account the ACM / IEEE curriculum if we can.
It's not as proactive or built around software engineering as I would like,
and that leaves the wiggle room for OWASP to be the thought leaders in this
space.

Let's define good secure software engineering practice, that sits atop the
basic 100 level ACM / IEEE curriculum.

I love the idea of an education portal that has online classes, curriculum
ready to go, tests for educators, and links to our other materials. This is
a total win if we can drive it forward.

thanks,
Andrew


On Thu, Jun 13, 2013 at 2:16 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:

> Good points. We've thought and discussed about these issues a lot of times
> and Martin is right, we have planned to make an "academy portal" which has
> not yet kicked off (partly my responsibility/lack of time). Ideally we
> could have something like this:
> http://www.isaca.org/Knowledge-Center/Academia/Pages/ISACA-Model-Curricula.aspx
>
> Anyway, not only there's no Education Committee anymore but I saw
> somewhere that the plan for hiring an "Educational Director" has been put
> off. Apparently education is not a priority for the board at this stage. It
> would be nice to hear what this year's candidates have to propose.
>
> Kostas
>
>
> On Wed, Jun 12, 2013 at 6:08 PM, Tobias <tobias.gondrom at owasp.org> wrote:
>
>>  Hi,
>>
>> (not sure whether posting this to the leaders list is the right place,
>> but as we don't have the Education committee anymore posting it here.
>> Otherwise apologies if misplaced post.)
>>
>> am wondering, do we maybe have a prepared "secure development" course
>> curriculum that universities want to share among them / with OWASP?
>> E.g. like when Boing gave the IP of the Secure Coding reference guide to
>> OWASP for publication, maybe some universities like collaborate (or already
>> have) and we could have/develop/consolidate a full course/lecture
>> curriculum for the unis?
>> If we could reach more developers right from the beginning that would be
>> so cool.
>> In OWASP terms that could be a win-win and should be worth our efforts?
>>
>> Best regards, Tobias
>>
>>
>>
>>
>> On 11/06/13 04:10, Constance Matthews wrote:
>>
>> What a timely subject.
>>
>> In Columbus, OH we are working with the State Government and
>> Colleges/Universities in the  very beginning stages/discussions on how we
>> can get secure coding in the classroom and have security be a part of the
>> SDLC. Ohio is excited and so are we (Bill Sempf, Aaron Ansari, and Connie
>> Matthews). We are very excited on what this can mean to the future of
>> secure coding and chipping away at the problem little by little (all going
>> in the right direction.)
>>
>> We taught our first class to our membership last week to almost 100
>> developers and the feedback was extremely positive.  We are very excited to
>> see where this can go in Ohio.  Jim Manico, Jason Montgomery of Veracode
>> and Bill Sempf (Central Ohio OWASP leader) did a fantastic job teaching the
>> course.
>>
>> If anyone can give us any pointers, we are open to discussion. We feel
>> that we have the right people to help us make this a reality in Ohio.
>> Taking baby steps.
>>
>> Please feel free to share your thoughts?
>>
>> Thank you,
>> Connie
>> On 6/10/2013 3:55 PM, Konstantinos Papapanagiotou wrote:
>>
>> A good reason would be to compete (and win!) at the University Challenge.
>> :)
>>
>>  Kostas
>>
>>
>> On Mon, Jun 10, 2013 at 5:43 PM, DK-OWASP <david.kadow at owasp.org> wrote:
>>
>>>  Thank you all for the input.
>>>
>>>  TBC, one dimension of messaging in my "Come to AppsecUSA" PowerPoint (
>>> to show at various non-OWASP MeetUps ) is  "Why?"
>>> One of the answers to "why?" is
>>> "There are 4,000 universities in the US...less than 100 teach secure
>>> development. Therefore It's highly likely that your new developers don't
>>> know how to keep you safe. Bring them to AppSecUSA, so they can help keep
>>> you out of the data breach headlines."
>>>
>>>  More to come...
>>>
>>>  I welcome your thoughts and comments.
>>>
>>> David Kadow, CISSP
>>> ---
>>> 657-464-3250 (65-ringDBK-0)
>>> http://mynfosec.blogspot.com
>>> http://www.linkedin.com/in/davidkadow
>>>
>>> On Jun 9, 2013, at 9:57 AM, Martin Knobloch <martin.knobloch at owasp.org>
>>> wrote:
>>>
>>>     This is a great list and starting point to do the University
>>> Outreach once more!
>>>  We do have the OWASP Blue Book, *The OWASP Application Security Code
>>> of Conduct for Educational Institutions:*
>>> https://www.owasp.org/index.php/OWASP_Codes_of_Conduct
>>>
>>> Doing this properly, we can extend the list of OWASP Educational
>>> supporters:
>>>
>>>    - What is: https://www.owasp.org/index.php/Academic_Supporter
>>>    - List of: https://www.owasp.org/index.php/Academic_Supporters
>>>
>>>  By addressing the Universities not yet being part of OWASP and getting
>>> the local chapters in touch!
>>>  I am more then glad to help!
>>>
>>> Cheers,
>>>  -martin
>>>
>>>
>>> On Sun, Jun 9, 2013 at 2:56 PM, James Walden <james.walden at gmail.com>wrote:
>>>
>>>> While the list of universities teaching secure development in the US is
>>>> short today, it should expand with the new ACM/IEEE 2013 curriculum
>>>> standard, which mandate secure development across the curriculum.  The
>>>> standards should be finalized by the end of the year.
>>>>
>>>> Thinking of university education, is anyone else attending CISSE 2013 (
>>>> http://www.cisse.info/) this week?
>>>>
>>>>  On Sun, Jun 9, 2013 at 7:19 AM, Martin Knobloch <
>>>> martin.knobloch at owasp.org> wrote:
>>>>
>>>>>    Hi David,
>>>>>
>>>>>  How can I assist?
>>>>>
>>>>>  Cheers,
>>>>>  -martin
>>>>>
>>>>>
>>>>> On Sat, Jun 8, 2013 at 3:31 PM, Tom Brennan - OWASP <
>>>>> tomb at proactiverisk.com> wrote:
>>>>>
>>>>>>  David, thank you for working on this effort; I do not have a answer
>>>>>> for your question however your question does invoke a mapping of the
>>>>>> membership list posted on the OWASP website to the list and logical inquiry
>>>>>> to  Membership & Projects. Martin Knobloch is a very a active education
>>>>>> advocate and I would not be surprised if someone has already conducted
>>>>>> analyst on this demographic for a related OWASP Project
>>>>>>
>>>>>>  OWASP-Leaders your help is requested.
>>>>>>
>>>>>>
>>>>>>  On Jun 8, 2013, at 9:02 AM, David Kadow <david.kadow at owasp.org>
>>>>>> wrote:
>>>>>>
>>>>>>  Quick question: ( this is for the "Come to AppSecUSA" powerpoint
>>>>>> I'm composing )
>>>>>>
>>>>>>  There are approximately 4,000 universities in the U.S., with
>>>>>> enrollment of over 17 million students. Do you know how many universities
>>>>>> actually teach secure development ? In 30 minutes and 13 pages of google
>>>>>> results I find less than 40 ( results below )
>>>>>>
>>>>>>  arizona.edu
>>>>>> asu.edu
>>>>>> auburn.edu
>>>>>> berkeley.edu
>>>>>> cmu.edu/
>>>>>> cochise.edu
>>>>>> colorado.edu
>>>>>> columbusstate.edu
>>>>>> dartmouth.edu
>>>>>> ecsun.edu
>>>>>> fau.edu
>>>>>> gvsu.edu
>>>>>> hawaii.edu
>>>>>> kit.edu
>>>>>> mcsueastbay.edu
>>>>>> mit.edu
>>>>>> msstate.edu
>>>>>> ncsu.edu
>>>>>> nku.edu
>>>>>> pitt.edu
>>>>>> psu.edu
>>>>>> sc.edu
>>>>>> scf.edu
>>>>>> sharif.edu
>>>>>> sjsu.edu
>>>>>> stanford.edu
>>>>>> ucf.edu
>>>>>> uic.edu
>>>>>> uis.edu
>>>>>> usc.edu
>>>>>> usouthal.edu
>>>>>> utdallas.edu
>>>>>> utexas.edu
>>>>>> utsa.edu
>>>>>> washington.edu
>>>>>> wisc.edu
>>>>>> wright.edu
>>>>>>
>>>>>>  Any guidance will be appreciated.
>>>>>> --
>>>>>>
>>>>>> David Kadow, CISSP
>>>>>> 657-464-3250
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> OWASP-Leaders mailing list
>>>>> OWASP-Leaders at lists.owasp.org
>>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>>
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>> --
>> Constance Matthews        cmatthews at microsolved.com
>> Account Executive
>> Phone: 614. 351.1237 X 206
>> Cell: 614.286.2408
>> Fax: 512-592-7904
>>
>> Linked In: www.linkedin.com/in/ConnieMatthews
>> PGP Key Available by Request
>> MicroSolved is security expertise you can trust!
>>
>> HoneyPoint Security Server
>> Attackers get stung, instead of you!http://www.microsolved.com/honeypoint
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing listOWASP-Leaders at lists.owasp.orghttps://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130613/c1492c86/attachment-0001.html>


More information about the OWASP-Leaders mailing list