The University of Leeds has become the first academic institution to offer a course teaching students how to hack into software. The real aim of the course, which is backed by Microsoft, is to teach students how to write more secure code to thwart hacking.
As part of an 11 week module that will start next January, third-year undergraduates at the University of Leeds will be asked to hack into software and fix any security bugs they find, said Nick Efford, senior teaching fellow at Leeds University’s School of Computing.
"We are going to get our students to think about software in a different way and look at software with a different perspective. We will give them examples of software and will ask them to perform a security audit of it and identify things that are insecure and then ask them to fix the problems," Efford said.
Students will be confronted with security vulnerabilities such as buffer overruns and taught how to prevent those when writing software. That focus on security in software engineering and the hands-on experience makes the course different from most existing security classes, which typically focus on network security and cryptography, according to Efford.
Microsoft is partly funding Efford's fellowship and is helping with curriculum content. The software maker is in talks with other universities about similar programs, said Microsoft's Stuart Okin.
"I hope in a few years' time every computing course is teaching some part of writing secure code", said Okin.
Microsoft is sponsoring the course at the University of Leeds, but that does not mean students will only work with Microsoft's technology, Efford said. "We are not focusing exclusively on any one vendor's technology. We have to equip our students with broad knowledge," he said.