Microsoft asks universities to teach hacking

Microsoft asks universities to teach hacking

Microsoft is working with a number of universities in several countries to set up courses that teach students how to write secure code. The University of Leeds in England is the first to announce such a course.

As part of an 11-week module that would start in January next year, third-year undergraduates at the University of Leeds would be asked to hack into software and fix any security bugs they find, senior teaching fellow at the School of Computing, University of Leeds, Nick Efford, said.

"We are going to get our students to think about software in a different way and look at software with a different perspective. We will give them examples of software and will ask them to perform a security audit of it and identify things that are insecure and then ask them to fix the problems."

Students would be confronted with security vulnerabilities such as buffer overruns and taught how to prevent those when writing software, Efford said. That focus on security in software engineering and the hands-on experience made the course different from most existing security classes, which typically focused on network security and cryptography.

Microsoft is partly funding Efford's fellowship and is helping with the curriculum's content.

The software maker was in talks with other universities on similar programs, chief security officer for Microsoft in the UK, Stuart Okin, said.

"We are talking to a number of universities in the US," he said. "I hope for a world where, in a few years' time, every computing course is teaching some part of writing secure code."

Microsoft's university program is closely linked to its Trustworthy Computing initiative, a Microsoft-wide focus on securing its products that was launched early last year. As part of that initiative, Microsoft halted the development work of thousands of software engineers for 10 weeks to train them to look at software like hackers do.

Okin would like to see all software vendors share their knowledge with academic institutions so future programmers have better security knowledge.

"The software industry as a whole will want to take on people who have this skill set," he said.

That Microsoft was sponsoring the course at the University of Leeds did not mean students would only work with Microsoft's technology, Efford said.

"We are not focusing exclusively on any one vendor's technology," he said. "We have to equip our students with broad knowledge."

Okin agreed: "We need to get input from others as well. Clearly there is no point in these undergraduates learning only about Microsoft technology. We need a broad approach."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments