Desmond File

Blog archive

Back to School

Six months ago or so, I interviewed Microsoft security expert Mike Howard about the challenge his company faced as it worked to make the development of fundamentally secure software a core mission of every project. Known as Security Development Lifecycle (SDL), the effort took years to complete, and ultimately resulted in the release of much more secure code.

One complaint Howard voiced in that interview was the lack of security-related awareness and training among entry-level programmers arriving at Microsoft. He specifically pointed a finger at undergraduate institutions, which he said were producing programmers who didn't have to consider code vulnerabilities during their formal education. As a result, Microsoft now sends new arrivals to a weeks-long security training program, just to get them up to speed. In a sense, Microsoft is doing the work that schools should've accomplished.

We've heard other complaints, as well, about college-level programs.

Our senior editor, Kathleen Richards, is working on an upcoming feature about computer science education in colleges and graduate schools, and how it's changing (or not changing) to meet modern challenges. We want to hear from you. If you're hiring newly graduated programmers, what are you noticing?

And as a development manager, if you could send a message to the people who run the computer science curricula at major schools, what would you want to say to them? Now is your chance. E-mail me at [email protected].

Posted by Michael Desmond on 10/03/2007 at 1:15 PM

comments powered by Disqus


  • Microsoft's Tools to Fight Solorigate Attack Are Now Open Source

    Microsoft open sourced homegrown tools it used to check its systems for code related to the recent massive breach of supply chains that the company has named Solorigate.

  • Microsoft's Lander on Blazor Desktop: 'I Don't See a Grand Unified App Model in the Future'

    For all of the talk of unifying the disparate ecosystem of Microsoft-centric developer tooling -- using one framework for apps of all types on all platforms -- Blazor Desktop is not the answer. There isn't one.

  • Firm Automates Legacy Web Forms-to-ASP.NET Core Conversions

    Migration technology uses the Angular web framework and Progress Kendo UI user interface elements to convert ASP.NET Web Forms client code to HTML and CSS, with application business logic converted automatically to ASP.NET Core.

  • New TypeScript 4.2 Tweaks Include Project Explainer

    Microsoft shipped TypeScript 4.2 -- the regular quarterly update to the open source programming language that improves JavaScript with static types -- with a host of tweaks including a way to explain why files are included in a project.

Upcoming Events