The coding curriculum urgently needs an overhaul. Fixing a decades-old defect in how programming is taught could significantly improve the software supply chain, and especially its security.
Security needs to be built into developer courses from the elementary level onward. When it is not, developers keep introducing vulnerabilities from the same small set of standard bug classes.
“The fundamental problem is that we do not teach software developers how to write secure software. I don’t care if it’s a separate course or embedded [in other coding courses]; that’s not the question. The question is: when software developers are learning the basics of their craft, do they learn the basics of developing secure software? And the answer is mostly ‘no’,” says David A Wheeler, Director, Open Source Security Software, Linux Foundation.
He notes that an estimated ninety to ninety-five percent of all vulnerabilities fall into a relatively small set of standard classes. If the curriculum taught developers to systematically prevent those classes of error, and to use tools that catch the stragglers, most such vulnerabilities could be avoided up front. Problems that were introduced in the past could also be analyzed and fixed.
Wheeler also feels that the current educational system should be more responsive to society’s needs. This is not to say that technical experts, enterprises, or organizations are unaware of the situation. For example, more than a decade ago, Oracle and several other enterprises issued an open letter calling for educational reform. Yet the impact has been minimal, and universities have still not updated their curricula. Nor does this imply that the present educational system is wholly incompetent; it rests on some long-standing practices, and time-tested methods will always have a place in the present and future cyber security space.
“If you’re doing DevOps, you pretty much need a CI pipeline, and this is an obvious place to insert security tools. But if the developer doesn’t know what they’re doing, they won’t know what the tool is telling them and what to do about it,” continues Wheeler.