Pushing the boundaries at Universities

Last night I guest lectured at the local university, doing a talk on STRIDE threat modelling and how to write more secure code. Talk went over ok I guess, but I could tell many of the students still haven't "figured out" that security is important.

Today, as I do my daily ritual of /. goodness, I came across an article where the U of C (my old stomping grounds) is now going to teach how virii work, and even how to write them. As usual the anonymous cowards (well most posts actually) bitch and complain about it, and start throwing around anti-canadian sentiment. *sigh*

I actually think U of C is bang on. Here is a quote in my slide presentation I did last night on Threat Modelling:

You cannot build secure systems unless you know the threats to which you are susceptible

I hold to this. In their case, you can't STOP a virus, unless you know how it works. No one criticizes the same approach in medicine when people make flu vaccines. In case you didn't know, they "play" with exisiting virii to basically build a vaccine of a milder case of the flu to inject you with, then allowing your natural white blood cells to create antigens to fight off the actual flu. Sometimes, they make evil strains that are hard to almost impossible to stop. As they do it in contained and confined labs, there is a level of protection to allow them to do such things safely. Same goes for these digital virri in the isolated lab at the U of C.

Anyways, kudos to the U of C. Hopefully the program will help create better developers that will understand the threats they are suceptible to, and thus create better quality code to fight against it, and in the end make a more safer computing environment for everyone.