Initial Transition Activities
It was clear to us from the outset that a comprehensive plan for promoting the transition and adoption of the curriculum would be needed. Introducing a single new elective course is a relatively easy undertaking. However, introducing a track is ambitious, and contemplating a whole new degree program can be a daunting task. The barriers can range from a lack of interested students in a particular geographic area, to a lack of qualified faculty, to a lack of administrative support. We therefore put a transition plan in place before the curriculum was published and executed. The activities included the following:
- Publicity: We prepared an announcement that was broadcast via email to SEI subscribers and posted on the DHS and SEI websites. We also developed a press release that went out to a number of educational publications, professional societies such as ACM and IEEE, and ACM and IEEE publications. We developed a flyer that was distributed by team members and their colleagues when they attend conferences.
- Discussion group: We established a LinkedIn discussion group that now has nearly 600 members.
- Awareness: We also conducted an awareness-raising workshop at the Conference on Software Engineering Education and Training (CSEET) in 2010 and videotaped it. We also recorded several webinars and podcasts to provide an overview of the work.
- Mentoring: Initially the curriculum development team provided free mentoring to universities or faculty members who wished to offer a course, track, or Master of Software Assurance (MSwA) degree program.
- Publications: We produced more than 20 papers and conference talks, including keynote presentations.
- Professional society recognition: We received official recognition of the curriculum from the ACM and the IEEE Computer Society.
As a consequence of our initial outreach activities, a number of universities and training organizations adapted various aspects of the curriculum work. Courses and tracks based on the curriculum recommendations were developed and offered by Carnegie Mellon University, Stevens Institute of Technology, The U.S. Air Force Academy, University of Detroit Mercy, University of Houston, and the International Information System Security Certification Consortium (ISC)2. In addition, Polytechnic University of Madrid designed a Master of Software Assurance degree program.
The SEI developed three courses based on the initial curriculum recommendations. These included an Executive Overview course, and from the MSwA Curriculum, academic course materials for Assurance Management and Assured Software Development 1. These courses are available for free download from the SEI website.
The SwA curriculum work influenced other curriculum activities. For example, the Securely Provision area of the National Institute of Standards and Technology (NIST) NICE curriculum draws on the SwA curriculum work. More recently, the draft Cyber Security Curricula 2017 (CSEC) reflects aspects of the SwA curriculum work, particularly in the software security knowledge area.
In addition, a collaborative effort led to a successful community college degree program in secure software development. We also modified and transitioned our Assured Software Development 1 course materials to SPAWAR SD for in-house use in their own training programs. These are discussed in subsequent sections of this article. A timeline for the curriculum work and its transition is shown in Figure 2.
Figure 2. Developing and Transitioning the Curricula Work