Development and Transition of the SEI Software Assurance Curriculum

https://www.sei.cmu.edu/about/divisions/software-solutions-division/
https://www.sei.cmu.edu/about/divisions/software-solutions-division/

Posted: July 13, 2017 | By: Dr. Carol C. Woody, Nancy R. Mead

The SEI collaborated with the CICESS and Illinois Central College (ICC) to develop a two-year degree program in Secure Software Development, incorporating an apprenticeship model. Part of the reason we focused on community college education (in addition to four-year undergraduate degree programs and master’s degree programs) is that, according to the American Association for Community Colleges, roughly half of U.S. undergraduate students have attended community college [Mead 2010b].

ICC in East Peoria, IL is a comprehensive community college in the Illinois Community College system. Approximately 10,500 students are enrolled in 58 applied degrees, 72 certificates, and over 50 areas of study in associate of arts and associate of science degrees for transfer. ICC has a close working relationship with many local employers in central Illinois, particularly in the applied sciences.

In the information systems programs, these partnerships are usually in the form of student internships and work-study opportunities at the college. Apprenticeship programs with employers involved in the CICESS had not been considered in prior years. ICC faculty presented the option as part of their Applied Science degree, in which students would take approximately 42 credit hours of technical computer science and database courses and only 18 credit hours in general education. ICC had an existing Associate in Applied Science (AAS) degree in Computer Science and Database Development that seemed to more closely fit employer needs. The goal of the CICESS was to provide apprenticeships in secure software development; however, the new curriculum needed to include computer security and software assurance concepts.

This is the point at which ICC faculty members began integrating the SEI Software Assurance Curriculum with their own. The SwA curriculum recommendations for community colleges [Mead 2011b] consisted of the six courses mentioned earlier. ICC faculty consulted with employers to determine which SwA courses were needed in addition to the SEI recommended courses. Employers felt that students needed a good foundation in SQL, C#, and Mobile Applications in addition to programming and security courses.

The new AAS degree in Secure Software Development consists of the following program requirements. Courses in bold were modified or added as part of the new program, in collaboration with the SEI.

  • CS I: Programming in Java
  • CS II: Programming in Java
  • CS III: Advanced Programming in Java
  • Structured Query Language
  • Introduction to Relational Database
  • C# Programming
  • Mobile Application Programming
  • Introduction to Computer Security
  • Secure Coding
  • Introduction to Assured Software Engineering
  • Database Administration
  • Structured System Analysis – two electives in computer programming, web, or networking, depending on employer needs
  • 19 credit hours in general education courses

Developed courses were offered in a traditional 16-week semester in 8-week courses and in an online format. Students who wished to be eligible for the CICESS apprenticeship program took the courses in accelerated 8-week sessions. In addition, employers wanted to be assured that the student apprentices had an aptitude for computer programming. Therefore, students who wanted to be considered for apprenticeship had to take a commercial computer programming aptitude test, the Berger Aptitude for Programming Testing [B-APT], and achieve a minimum score of 20. The B-APT assesses the student’s ability to do computer programming: “Organizations use the B-APT primarily to identify high aptitude candidates for programmer training. The examinee need have no prior experience in programming, and those with some experience gain no advantage over the inexperienced. The tutorial, which uses a hypothetical language, equates the potential of the inexperienced with the experienced.”

ICC implemented and launched the AAS degree in Secure Software Development in the Fall 2015 semester with over 20 students in the program. In Fall 2016, the number of incoming students more than doubled and some of the students in the first cohort started apprenticeships with industry partners.

Want to find out more about this topic?

Request a FREE Technical Inquiry!