Universities aren’t training software developers in security. Does that matter?

Taylor Armerding
Aug 24, 2020

If you want a good job but you aren’t born into the family business, it usually takes at least two things: opportunity and training. And it’s clear that the opportunity part is there in software development and security.

Software is everywhere. It was almost a decade ago, after all, that Marc Andreessen, Netscape cofounder and now venture capitalist, famously said “software is eating the world.”

Today, software has eaten most of the world — if anything, its appetite has increased. It is behind just about everything we use and do, from our vehicles to our retail purchases, appliances, home security, communication, education, entertainment, healthcare — the list is almost endless.

That’s one of the reasons unemployment in the software industry is low to virtually nonexistent. For developers, unemployment is an estimated 1.6%, and the median salary of those jobs is more than $100,000.

For software security, the prospects are even better. The unemployment rate has been below zero for several years, and estimates are that by next year there could be 3.5 million unfilled cybersecurity positions. Many of these jobs, by the way, pay better than $200,000 a year.

So you would think computer science programs at colleges and universities would be focused on giving students the qualifications necessary to grab one of those waiting, lucrative opportunities.

But you would be only partially correct. There are plenty of programs that focus on software development skills. But when it comes to software security, not so much. Forrester Research reported last year that of 40 university computer science programs it surveyed across the U.S., not one required students to take courses in secure coding or secure application design.

Is that a problem? The views from experts are mixed.

Skills gap? No wonder

Jonathan Knudsen, senior security strategist at Synopsys, says it is at least a disconnect. “Think about how people learn to build airplanes,” he said. “Safety is part of every aspect of aviation — aerospace engineers don’t just learn how to make something fly, but how to make something that flies safely.”

Taylor Armerding

I’m a security advocate at the Synopsys Software Integrity Group. I write mainly about software security, data security and privacy.