Agile processes play an important role in the authorpsilas undergraduate course in software engineering. The course is a required course for undergraduate majors in Computer Science. Agile processes, like eXtreme Programming (XP), have been criticized for not providing a good framework for building secure software. The course begins by covering what some people have called ldquothe warrdquo between the traditional waterfall process folks and the agile process folks. After students are given an introduction to various processes on both sides of ldquothe warrdquo (with an emphasis on PSP, CMMI and XP) and after students are introduced to basic concepts about how to make software systems more secure (drawing heavily on Viega and McGrawpsilas book Building Secure Software), the course turns its attention to how XP (in particular) can be made more secure. This topic generates a lot of enthusiasm among the students. The students seem to enjoy the challenge of creating new ideas to improve the manner in which XP addresses security issues. Students have come up with many creative and stimulating ideas about how eXtreme Programming can be made more secure without the necessity for what some have called ldquobig up front designrdquo. This paper presents some of the creative ideas students have come up with regarding this issue and discusses the team projects that give students the opportunity to explore security issues for agile processes in some depth.
{"title":"Getting Students to Think About How Agile Processes can be Made More Secure","authors":"Richard G. Epstein","doi":"10.1109/CSEET.2008.13","DOIUrl":"https://doi.org/10.1109/CSEET.2008.13","url":null,"abstract":"Agile processes play an important role in the authorpsilas undergraduate course in software engineering. The course is a required course for undergraduate majors in Computer Science. Agile processes, like eXtreme Programming (XP), have been criticized for not providing a good framework for building secure software. The course begins by covering what some people have called ldquothe warrdquo between the traditional waterfall process folks and the agile process folks. After students are given an introduction to various processes on both sides of ldquothe warrdquo (with an emphasis on PSP, CMMI and XP) and after students are introduced to basic concepts about how to make software systems more secure (drawing heavily on Viega and McGrawpsilas book Building Secure Software), the course turns its attention to how XP (in particular) can be made more secure. This topic generates a lot of enthusiasm among the students. The students seem to enjoy the challenge of creating new ideas to improve the manner in which XP addresses security issues. Students have come up with many creative and stimulating ideas about how eXtreme Programming can be made more secure without the necessity for what some have called ldquobig up front designrdquo. This paper presents some of the creative ideas students have come up with regarding this issue and discusses the team projects that give students the opportunity to explore security issues for agile processes in some depth.","PeriodicalId":424120,"journal":{"name":"2008 21st Conference on Software Engineering Education and Training","volume":"97 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114270268","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In 1989 the professional masters of software engineering (MSE) program at Carnegie Mellon initiated a new approach to graduate level software projects: the software development studio. In 2002 the studio concept was first exported under a cooperative program to teach software engineering at an international partner university. However, CMU quickly determined that student projects, at this partner, lacked progress compared to their CMU counterparts. This paper will focus on the critical lessons that were learned from this ldquoexportrdquo that not only has helped this partnership but also others that are just starting.
{"title":"Exporting Studio: Critical Issues to Successfully Adopt the Software Studio Concept","authors":"D. Root, M. Rosso-Llopart, G. Taran","doi":"10.1109/CSEET.2008.21","DOIUrl":"https://doi.org/10.1109/CSEET.2008.21","url":null,"abstract":"In 1989 the professional masters of software engineering (MSE) program at Carnegie Mellon initiated a new approach to graduate level software projects: the software development studio. In 2002 the studio concept was first exported under a cooperative program to teach software engineering at an international partner university. However, CMU quickly determined that student projects, at this partner, lacked progress compared to their CMU counterparts. This paper will focus on the critical lessons that were learned from this ldquoexportrdquo that not only has helped this partnership but also others that are just starting.","PeriodicalId":424120,"journal":{"name":"2008 21st Conference on Software Engineering Education and Training","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127560539","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
D. Shoemaker, Antonio Drommi, Jeffrey A. Ingalsbe, N. Mead
This study identifies the places where software assurance knowledge best fits with the elements of a standard software engineering curriculum. This is useful because there is currently no common understanding of the places in a traditional software engineering curriculum where software assurance should be taught. It would appear that the recommendations of the DHS CBK can be justified as a basis for teaching software engineering concepts for developing secure and assured software.
{"title":"Integrating Secure Software Assurance Content with SE2004 Recommendations","authors":"D. Shoemaker, Antonio Drommi, Jeffrey A. Ingalsbe, N. Mead","doi":"10.1109/CSEET.2008.14","DOIUrl":"https://doi.org/10.1109/CSEET.2008.14","url":null,"abstract":"This study identifies the places where software assurance knowledge best fits with the elements of a standard software engineering curriculum. This is useful because there is currently no common understanding of the places in a traditional software engineering curriculum where software assurance should be taught. It would appear that the recommendations of the DHS CBK can be justified as a basis for teaching software engineering concepts for developing secure and assured software.","PeriodicalId":424120,"journal":{"name":"2008 21st Conference on Software Engineering Education and Training","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127581322","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
With increasing interest in evidence-based software engineering (EBSE), software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation and use of EBSE results. We propose development and population of a community-driven Web database containing summaries of EBSE studies. We present motivations for inclusion of these activities in a software engineering course, and address the particular appeal of a community-driven Web database to students who have grown up in the Internet generation. We present our experience with integrating these activities into a graduate software engineering course, and report student and industry practitioner assessments of the resulting artifacts.
{"title":"Seeds of Evidence: Integrating Evidence-Based Software Engineering","authors":"David S. Janzen, J. Ryoo","doi":"10.1109/CSEET.2008.29","DOIUrl":"https://doi.org/10.1109/CSEET.2008.29","url":null,"abstract":"With increasing interest in evidence-based software engineering (EBSE), software engineering faculty face the challenge of educating future researchers and industry practitioners regarding the generation and use of EBSE results. We propose development and population of a community-driven Web database containing summaries of EBSE studies. We present motivations for inclusion of these activities in a software engineering course, and address the particular appeal of a community-driven Web database to students who have grown up in the Internet generation. We present our experience with integrating these activities into a graduate software engineering course, and report student and industry practitioner assessments of the resulting artifacts.","PeriodicalId":424120,"journal":{"name":"2008 21st Conference on Software Engineering Education and Training","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129711533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}