UK computing graduates lack security skills
By Asavin Wattanajantra
The vast majority of UK computing students receive virtually no security training when it comes to designing and developing new software applications, according to government-funded research.
Less than 20 per cent of all computing undergraduates in the UK receive more than five hours' training in incorporating security functionality over the three- to four-year duration of their course. This was according to research by the Cyber Security Knowledge Transfer Network (KTN), which was created in 2006 by the government's Technology Strategy Board.
The study took the form of an analytical review of open source web material taken from 75 UK universities which had good reputations for producing future software developers.
"Frankly I was surprised by how low the figures were," said Bill Whyte, an independent IT security consultant who conducted the research.
"Today's computing market is a complex chain of software activities and is vulnerable as its weakest link. The study is clear - security issues stem from the beginning of the chain."
He warned: "We need to get a greater percentage of security-literate graduates out there or the number of otherwise-avoidable financial losses will grow."
The KTN believed that the study showed that software development did not feature strongly enough on the UK's list of IT security priorities.
"The cost associated with security breaches and investment in information security could both be mitigated if software was developed with fewer security flaws and vulnerabilities," said KTN director Nigel Jones.
"The bottom line is that if we want to solve the problems we need to start by fixing the root cause. The greatest problem we have is that awareness of this fix is very limited."
He added: "Just look at the recent BERR and PriceWaterhouseCoopers report on UK information security breaches. There is not a single reference to secure software development in any of its 32 pages."
At an event held at London's Southbank University in connection with the release of the survey, experts identified two areas that could be improved by better developer understanding of security.
One was that it could reduce the number of software flaws which could be exploited maliciously, such as buffer overflows.
The other was to reduce the number of vulnerabilities caused by poor security design, such as weak authentication.