“Software security is reached when you make it a standard way of building software.” — Eric Baize
Eric Baize is on a mission: to make software security an integral part of a programmer’s education. According to Baize, students in colleges and universities are taught software engineering and programming languages, but these courses rarely include the security practices that are common knowledge in the industry.
I spoke with Eric about his views on what should be included in a programming curriculum as well as who is ultimately responsible for the security of a system.
Listen to the interview: Eric Baize Interview: Why isn’t software security included in the programming curricula?
- 00:20 Common practices missing in software security education
- 02:21 Maturity in software security
- 04:19 Who is ultimately responsible for a system’s security
- 07:01 Organizational responsibility in education
- 08:55 The BSIMM initiative
- 11:25 A different way to measure security vulnerabilities
- 13:01 Security trends in the next year
Eric Baize is Senior Director of the Product Security Office at EMC Corporation. He leads the Product Security Office with company-wide responsibility for product security and supply chain assurance, covering vulnerability response handling, security development lifecycle implementation, supply chain risk management, coordination of security certifications and integration of RSA technology in EMC products and solutions.
Since joining EMC in 2002, Mr. Baize pioneered EMC’s push towards security. He was a founding member of the leadership team that drove the acquisition of RSA Security and Network Intelligence in 2006 and later led RSA’s strategy for cloud and virtualization. Prior to joining EMC, Mr. Baize held various positions for Groupe Bull in Europe and in the US.
Mr. Baize is a Certified Information Security Manager, holder of two U.S. patents, author of international security standards and a regular speaker at security conferences in the US and Europe. He represents EMC on the SAFECode board of directors.