Microsoft funds secure code-writing course at Leeds Uni

Microsoft? Secure? Code? Who'd have thought...

The University of Leeds has received funding from Microsoft to teach would-be developers to write secure code. The module will be available to 100 undergraduates at Leeds from January 2004. Dr Nick Efford, who is designing the syllabus, said it will differ from modules at other universities. "They have traditionally emphasised network security, cryptography and things like that," he said. "Our course is emphasising secure coding and software security. We will still cover cryptography but that will not be our focus." Efford said the course will cover areas such as modelling threats and vulnerabilities of software, design principles and coding techniques. "We will illustrate all of these with case studies, classic security problems that have emerged... for example Melissa and Slammer... looking in each case at what gave rise to the problem in the first place and how it was dealt with." Microsoft's UK chief security officer, Stuart Okin, said: "Regardless of which vendor's product you use, or which industry you are in, computer security and privacy is probably today's top concern." He said Microsoft's Secure Windows Initiative, which was highlighted in January last year by Bill Gates' email to employees, resulted in 11,000 Microsoft developers being trained to write secure code. "It occurred to me last year when I took on the role to see what courses were out there in writing secure code," he said. "Leeds was interested and we had the material. A lot of it is very generic and doesn't have to apply to Microsoft technology." The course is based on a methodology that Microsoft uses, called "stride", said Okin. He said the methodology is based Michael Howard's book, Writing secure code. Efford backed up Okin's claims of impartiality, saying that at Leeds they have a completely free hand to use any technology in their teaching. "Our systems run both Windows and Linux and like many universities we are involved in both camps. We use whatever tools are appropriate to the case in hand. That applies also with Unix security issues." The plan is that the material from the new module will be made available for other universities to use. Depending on how the course develops, it could be expanded to a masters degree and developing distance-learning variations. The Leeds module follows Microsoft's support of the UK's first postgraduate course in .Net at Hull university, starting in September 2003. Dr Stuart Neilsen-Marsh, .Net academia manager at Microsoft, said that future courses supported by Microsoft are likely to include e-learning, pen-based devices, gaming, mobile and wireless technologies. Andrew Swinton writes for ZDNet UK