TEACHING SOFTWARE SECURITY: A MULTI-DISCIPLINARY APPROACH

As computing devices become more and more ubiquitous, the importance of software security cannot be overlooked. As such, many software engineering and computer science programs offer an elective course in software security. While the title of these courses is often similar, the content is often vastly different, reflecting the large domain of software security. Certain aspects of security appeal to practitioners, certain aspects appeal to Computer Scientists, and certain aspects apply MIS personnel. In order to provide a holistic view of computer security, software engineering students need to have exposure to all three aspects. Thus, for software engineering students, a single course in security can be inadequate. To combat this problem, the Milwaukee School of Engineering has developed a three course sequence in software security targeting the multi-disciplinary problem of security. While each of the three courses addresses software security, each course targets a different aspect. An Introduction to Network Security offers students an understanding of the nature of network security. Secure Software Development focuses the design and construction of software systems in a manner in which security is built into the product from the beginning of development. Information Security offers students an understanding of the techniques used to ensure that data and other systemic information is protected using the most appropriate techniques. Since the development of this sequence, one or more of these courses has been taken by approximately 100 students in the software or computer engineering programs. This article provides an overview of the three courses offered at Milwaukee School of Engineering, the challenges of offering these courses as independent electives, and student impressions of the security course series.