With increasing frequency, Internet-based attacks are targeting specific applications. The need for security in application development has been discussed and debated for years, and as a result a new breed of security vendors (Veracode, Core Security, etc.) was born to combat these activities.
But how is the academic world responding to this need? I am a firm believer that if sound security practices are taught consistently over a period of time (high school and beyond), then minimally, when a developer gets to the “real world”, they will at least be aware of how to incorporate secure coding principles into their work.
When I was in college our goal was to make the program work. How it worked was secondary (although certain structures/procedures were required). But at no point was security actively discussed or incorporated into any project we were assigned. This was a little over 10 years ago so I’m wondering how it has changed since then.
By incorporating security into the mindset early on, I believe applications can be developed that will reduce the risk of them being successfully attacked.