IEEE Computer Society Team
The rising demand for security traverses all sectors of the software industry—and expands to include end-users, government organizations, academia, and so on. Recent statistics show that besides a rise in cybercrime targeting networks and systems, over 30% of companies detected attempts to exploit vulnerabilities found in software. This underscores the need to train developers with the skills to design, write, test, and assess code to make software resistant to being exploited.
Want More Tech News? Subscribe to ComputingEdge Newsletter Today!
The Need for Training
With over 4 million software engineers in the US and a compound annual growth rate of 4%, software is available in abundance. But an understanding of the vulnerabilities and potential for exploitation has not increased commensurately. When addressing cybersecurity strategies and policies, most organizations focus on their networks and hardware, and inadequate attention is given to the role of software security in a company’s cybersecurity posture.
The Resources and Methods
The key to providing comprehensive training is to formulate a curriculum with the right approach, components, and delivery.
- Approach. The approach should include putting materials together that can reach the broadest audience. It should be based on spanning the technical depth and breadth of the industry, as well as crossing cultural and linguistic boundaries.
- Components. In harmony with the development of the approach, components such as visual aids, multi-language closed captioning of video lectures, resources for the instructors, and interactive exercises must be included. There also needs to be an effective means for periodic evaluation and assessment of trainees.
- Delivery. Methods of delivery need to reflect the needs of the widest audience possible, so there would need to be provisions for classroom learning to focus on students, as well as professional training courses for your existing workforce, motivational lectures for workshops, and supplemental video lectures to support your instructors.
To get an overview of the current software security curriculum ecosystem, download and read the complete article, “Software Security for the People: Free and Open Resources for Software Security Training” by Elisa R. Heymann and Barton P. Miller, first appearing in the IEEE Security & Privacy Magazine in March-April 2022.