Microsoft asks Leeds University to teach hacking

Microsoft is working with Leeds University to set up a course that teaches students how to write secure code.

Microsoft is working with Leeds University to set up a course that teaches students how to write secure code.

As part of an 11-week module that will start in January next year, third-year undergraduates at Leeds will be asked to hack into software and fix any security bugs they find, Nick Efford, senior teaching fellow at the school of computing, said.

"We are going to get our students to think about software in a different way and look at software with a different perspective. We will give them examples of software and will ask them to perform a security audit of it and identify things that are insecure and then ask them to fix the problems," Efford said.

Students will be confronted with security vulnerabilities such as buffer overruns and taught how to prevent them when writing software. The focus on security in software engineering combined with hands-on experience makes the course different from most existing security classes, which typically focus on network security and cryptography, according to Efford.

Microsoft is partly funding Efford's fellowship and is helping with the curriculum's content. The software maker is in talks with other universities about similar programmes, said Stuart Okin, chief security officer for Microsoft in the UK.

"We are talking to a number of universities in the US," he said. "I hope for a world where in a few years' time every computing course is teaching some part of writing secure code."

Microsoft's university programme is closely linked to its Trustworthy Computing initiative, a Microsoft-wide focus on securing its products that was launched early last year.

As part of the initiative, Microsoft halted the development work of thousands of software engineers for 10 weeks to train them to look at software in the way that hackers do.

Okin would like to see all software vendors share their knowledge with academic institutions so future programmers have better security knowledge. "The software industry as a whole will want to take on people who have this skill set," he said.

Although Microsoft is sponsoring the Leeds project, students will not just work with Microsoft's technology, Efford said. "We are not focusing exclusively on any one vendor's technology. We have to equip our students with broad knowledge."

Read more on IT risk management