Integrating Software Assurance Knowledge Into Conventional Curricula
暂无分享,去创建一个
world. Much of our national wellbeing depends on software. So the one thing that America’s citizens should be able to expect is that that software will be free of bugs. Sadly, that is not the case. Instead, commonly used software engineering practices permit dangerous defects that let attackers compromise millions of computers every year . That happens because commercial software engineering lacks the rigorous controls needed to (ensure defect free) products at acceptable cost [1]. Most defects arise from program or design flaws, and they do not have to be actively exploited to be considered a threat [2, 3]. In fiscal terms, the exploitation of such defects costs the American economy an average of $60 billion dollars a year [4]. Worse, it is estimated that in the future, the nation may face even more challenging problems as adversaries – both foreign and domestic – become increasingly sophisticated in their ability to insert malicious code into critical software systems [3]. Given that situation, the most important concern of all might be that the exploitation of a software flaw in a basic infrastructure component such as power or communication could lead to a significant national disaster [5]. The Critical Infrastructure Taskforce sums up the likelihood of just such an event in the following:
[1] John Impagliazzo,et al. Computing Curricula 2005: The Overview Report , 2006, SIGCSE '06.
[2] TopiHeikki,et al. Computing Curricula 2005: The Overview Report , 2006 .
[3] George W. Bush,et al. National Strategy to Secure Cyberspace , 2003 .
[4] Jeffrey A. Ingalsbe,et al. A Comparison of the Software Assurance Common Body of Knowledge to Common Curricular Standards , 2007, 20th Conference on Software Engineering Education & Training (CSEET'07).