Students can graduate with a software engineering degree without ever learning anything about building secure systems. Since the fall of 2006, a software security course at our department has given students the opportunity to gain the theoretical foundation and practical experience necessary to start comprehending the issues of software security.
TDT4237 - Software Security was developed in close cooperation with SINTEF, a Norwegian research foundation closely tied to NTNU and our department. The course has had more than 60 students each year, which is rather high for an elective class. The students' interest in software security might reflect the perceived importance of the course for real-world applications.
Lillian Røstad (in photo) has been teaching the software security course since 2006. The paper Learning by Failing (and Fixing), which appeared in the July/August edition of IEEE Security and Privacy, reported the experience from teaching TDT4237 and specifically the results from the exercises.
The exercises in the course were designed to collect data on security mistakes made by the students. The paper is a nice example of how it is possible to make teaching activities publishable. Read more in the Learning by Failing (and Fixing) article at the IEEE Security & Privacy website.