In a recent blog post, CISA Director Jen Easterly said that security training must be an essential component of all university-level computer science courses.
Easterly’s blog post followed a speaking engagement at Carnegie Mellon University where she met with students and faculty to discuss technology product safety. In her blog post, she said that “we’ve unwittingly come to accept as normal that such technology is dangerous-by-design.” She stressed that this situation “is not a sustainable one.” Rather, she urged a new model where consumer safety is “front and center in all phases of the technology product lifecycle.”
While she focused on the responsibility of technology manufacturers to adopt this new approach, she also stressed changes that will need to happen at colleges and universities.
“A major part of this equation also lies with universities which can play an important role by weaving security through all computer science coursework,” Easterly wrote. “Students need to be well-educated on security—including on memory safety and secure coding practices, and professors have a major role here.”
Additionally, she said that universities can also help nudge technology manufacturers in the right direction when it comes to baking in security from day one.
“Steps taken today at universities around the country can help spur an industry-wide change towards memory safe languages and add more engineering rigor to software development which in turn, will help protect all technology users,” she wrote.
