[DynInst_API:] Our secure coding tutorial at SC2016


Date: Fri, 21 Oct 2016 11:24:25 -0500
From: Barton Miller <bart@xxxxxxxxxxx>
Subject: [DynInst_API:] Our secure coding tutorial at SC2016
Hi.  I hope that you'll pardon a bit of self-promotion, but I think that it's in
a good cause.

Elisa Heymann and I are teaching one of our software security tutorials at SC2016
and I wanted to bring that to your attention.  The tutorial will cover things like
secure coding techniques (how to program and not get attacked), software assurance
tools (scanning tools that will help you find flaws in your code), and use of
an open and free facility that hosts such tools (the SWAMP). We're basing a lot
of what we teach on real mistakes that we've found in programmers' code, over the
years that we've done in-depth software assessment projects.

Certainly, if you're writing code that will be part of any online service, even
part of a web service, your code is open to attack. With some introduction to
how you approach and think about an adversary, and a nice collection of practical
techniques, you can definitely write stronger code.

And, even if you don't deploy your code, you could still be vulnerable.  If you take
input datasets from outside your group, those datasets could contain an attack
on software that you never deploy on the Web and only run yourself.

In any case, the material is fun and could help your team write better code.
Consider attending or sending some of your students or staff.

You can find more details about the course at:
    http://sc16.supercomputing.org/presentation/?id=tut112&sess=sess223

Let me know if you have any questions or suggestions...

best,			--bart