George Ledin
Communications of the ACM, Volume 48, Number 1 (2005), Page 144
ISSN 0001-0782
January 2005
Computer security courses are typically of two kinds. Most are of the first kind: guided tours to concepts and terminology, descriptive courses that inform and acquaint. These courses have few or no prerequisites and little technical content. The second kind of computer security courses is taken primarily by computer science majors. Usually elective courses, they offer a technical menu, often focused on cryptography. Systems, access control models, protocols, policies, and other topics tend to get less coverage.
A critically important topic, viruses and worms, gets the least coverage. Anecdotal and historical information about them may be presented, but source code discussions are rare and programming a virus or worm and their antidotes is seldom required. Not too long ago, crypto was a taboo topic subject to government controls. Developments, such as PGP, helped remove these prohibitions, and serious academic research is now routine. Virus and worm programming should likewise be mainstreamed as a research activity open to students. As previously with crypto, there are barriers to overcome.