This from Alan Paller at the SANS Institute, without a trace of irony. “UC Davis Professor Matt Bishop demonstrated that computer science students can master secure coding without asking college faculty to learn it or teach it.”
Cornell, University of North Carolina at Charlotte, Virginia Tech and UC Davis will all get money to host the National Security Coding Clinics initiative. In this model, graduate students and professionals are brought in to review students' programming assignments and show them where the secure coding errors are, and how to fix them. It seems Prof. Bishop has tried this with his own students and found “students not only radically reduce their secure coding errors but also become ‘converts’” to the religion of secure coding.
Paller is encouraging hiring managers to contact the schools they hire programmers from and encourage them to get in on the NSCCs. Or, they could just have the faculty teach it.