Shifting the Paradigm: Training Undergraduate Students in Software Security

Computer software is typically developed according to software engineering methodologies. However, with the introduction of the Internet and the World Wide Web, protecting data has become a topic of importance. In order to protect data from hackers and saboteurs in a global society where e-commerce, ebusiness, and e-sharing are the “norm”, professionals should have sound knowledge in methods to protect data. Consequently, the area of information assurance (IA) has become one of great significance and it is important that the next generation of technologists are trained in development techniques that can ensure the confidentially and integrity of information. Traditionally, courses in secure software development are offered at the graduate level or in a stand-alone software security course at the undergraduate level. The aim of this paper is to present a paradigm for introducing software security to undergraduates in a traditionally taught software engineering course. The paper also presents challenges and future work.