EDU

The field of software development needs developers to write secure code, as well as to continuously respond to evolving threats and adapt system designs to meet new security needs. This requires developers to gain a deep understanding of foundational concepts in secure programming, and continuously learn and practice defensive, secure, and robust coding.

Engineering a secure IT system, in addition to technical skills, requires a particular mindset focused on using cybersecurity solutions effectively against sophisticated and stealthy cyber attacks. The traditional lecture-centric style of teaching has failed to deliver that mindset, which is the direct result of an over-emphasis on specific technical skills (with limited lifespan and insufficient technical depth), abstract rather than deeply technical examination of fundamental concepts, and an impatience in developing broader analytical skills.

Cybersecurity is one of the most strategically important areas in computer science, and also one of the most difficult disciplines to teach effectively. Historically, hands-on cyber security exercises helped students reinforce basic concepts, but most of them focused on user level attacks and defenses. Since OS kernels provide the foundations to the applications, any compromise to OS kernels will lead to an entirely untrusted computing. Therefore, it is imperative to teach students the practice of kernel level attacks and defenses.

It is estimated that a security flaw occurs in in every 100 lines of code written, which makes it difficult to develop secure, and trustworthy software. Given the lack of a sufficient number of developers, the computing industry is turning to smart fuzzing and symbolic execution tools that automatically discover and patch vulnerabilities in computing systems. While these techniques are becoming widely used in industry, few academic programs include these concepts in their educational programs.

All technology professionals require basic proficiency in cybersecurity. However, typical computing curricula do not require any courses in cybersecurity. As a result, a majority of students graduate without any proficiency in cybersecurity relevant to the systems they will develop and use when they join the workforce. Moreover, cybersecurity electives often cover only technical topics, and technology professionals must understand how cybersecurity is influenced by social factors.