[unisog] University virus-writing course?
pmeunier at purdue.edu
Wed May 28 17:32:02 GMT 2003
On 5/23/03 9:22 AM, "Martin Sapsed" <m.sapsed at bangor.ac.uk> wrote:
> I've just noticed this snippet referring to a longer article in a Sophos
> E-news bulleting. Is this really news and do people here have opinions?
> UNIVERSITY VIRUS-WRITING COURSE IS IRRESPONSIBLE, SAYS SOPHOS
> Sophos reacts with surprise and disappointment to the news that
> the University of Calgary in Canada is offering its students a
> course in malicious virus-writing.
> P.S. This isn't intended to be marketing for Sophos, I'm just a customer...
The class url is at http://pages.cpsc.ucalgary.ca/~aycock/599.48/
While reading the reaction, I was amused by their assertion that the only
real way to learn viruses should be by working in one of the current AV
labs. If I didn't misread that and there wasn't a reporting error, perhaps
the AV vendors are afraid that this will generate competition if more people
understand viruses... In reality this highlights the poor state of software
security and the lack of confidence by AV experts that it will get better.
Who would care about viruses if the software was secure? This is why I
instead took the approach of teaching secure programming in the Fall 2002
(http://www.cs.purdue.edu/cs390s and http://www.cs.purdue.edu/cs490s). I
think what's really irresponsible is releasing insecure software, and
graduating students in computer science who have no idea how buffer
overflows happen. The core curriculum in computer science needs to include
courses like mine. Currently they are just 1 credit electives for which I
have to find scraps of funding on my own, so I can't even tell students if
it will be given or not until the semester starts. This needs to be taken
more seriously and given real support. Read the links and think for
Pascal Meunier, Ph.D., M.Sc., CISSP
Assistant Research Scientist
Purdue University CERIAS
656 Oval Drive
West Lafayette, IN 47907-2039
+1 (765) 494-7841 (main)
More information about the unisog