UK computing graduates lack security skills
By Asavin Wattanajantra
The vast majority of UK computing students receive virtually no security training when it comes to designing and developing new software applications, according to government-funded research.
Fewer than 20 per cent of all computing undergraduates in the UK receive more than five hours' training in incorporating security functionality over the three to four year duration of their course. This was according to research by the Cyber Security Knowledge Transfer Network (KTN), which was created in 2006 by the government's Technology Strategy Board.
The study took the form of an analytical review of open source web material taken from 75 UK universities which had good reputations for producing future software developers.
"Frankly I was surprised by how low the figures were," said Bill Whyte, an independent IT security consultant who conducted the research.
"Today's computing market is a complex chain of software activities and is vulnerable as its weakest link. The study is clear - security issues stem from the beginning of the chain."
He warned: "We need to get a greater percentage of security-literate graduates out there or the number of otherwise-avoidable financial losses will grow."
The KTN believed that the study showed that software development did not feature strongly enough on the UK's list of IT security priorities.
"The cost associated with security breaches and investment in information security could both be mitigated if software was developed with fewer security flaws and vulnerabilities," said KTN director Nigel Jones.
"The bottom line is that if we want to solve the problems we need to start by fixing the root cause. The greatest problem we have is that awareness of this fix is very limited."
He added: "Just look at the recent BERR and PriceWaterhouseCoopers report on UK information security breaches. There is not a single reference to secure software development in any of its 32 pages."
At an event held at London's Southbank University in connection with the release of the survey, experts identified two areas that could be improved by better developer understanding of security.
One was that it could reduce the number of software flaws which could be exploited maliciously, such as buffer overflows.
The other was to reduce the number of vulnerabilities caused by poor security design, such as weak authentication.