This project involves the development and delivery of software security education to university students and professionals, and the dissemination of curricular materials to educators to enable effective security education throughout their courses. A large intentionally vulnerable electronic health record (EHR) application with associated artifacts to support the lessons is provided to all students and educators. Instances of the EHR application are hosted in a virtual environment so that each student can get their own virtual instance and practice attacks against the system, with the attacks contained and causing no actual damage. All curricular resources are made freely available to educators. Students are educated in a laboratory-based course with learning objectives met through active learning exercises. Professionals are provided with options for taking the course via a Massively Open Online Course (MOOC) or by taking a course through an always-available system. The educational practices (a) increase the knowledge level of practitioners and students in issues related to software security; and (b) increase the understanding of two forms of online education and of active learning in the university classroom. The research enhances the infrastructure by providing open resources and educational modules for software security. The work improves the ability of practitioners to produce secure and reliable software products so that people can justifiably rely upon computer systems to perform critical functions securely.