Cultivating the ability of security coding for undergraduates in programming teaching

To address the problems existing in current college programming education, we consider that the cultivation of security coding ability may be combined within existing courses, such as programming courses, operating system and software engineering curriculum, etc. This paper reviews the authors´ several-year practice of integrating the training of the students´ security coding ability with programming courses. Three key stages of practice are introduced, which are organic combination with programming curricula, choosing proper textbooks and the introduction of security coding examples. The authors strive to achieve three improvements in the cultivation of students´ ability: improvements from defensive programming to security programming, adding secure functions instead of security functions, and paying more attention to enhancing the software quality instead of security. The main contents of security software coding best practices integrated into our teaching practice are given. The testing result shows that the students´ security coding ability can be improved, and in fact many of whom have performed well in job interview and get a good job.