Teaching Secure Supply Chain Risk: Experiment in an 'Introduction to Cybersecurity' Course
Author:
Terry Downing-Harris, Siddharth Kaza, Blair Taylor, Yeong-Tae Song
Date:
27 November 2024
The software supply chain and the security of software applications purchased as Commercial-Off-The-Shelf (COTS) products are becoming the focus of government and industry. Higher education institutions can help by teaching secure supply chain risk management (SCRM), which can help secure COTS software applications. This work presents the results of an experiment that integrated secure SCRM into the software engineering curriculum at Towson University (a diverse, comprehensive institution with a large computer science program). This integration focuses primarily on using the US National Institute of Standards and Technology (NIST) standards to secure COTS software applications effectively. With a focus on undergraduate education, the learning modules used in this integration are designed to be injected into almost any course in the software engineering curriculum. The overall goal is to provide a model that can be replicated by all universities for integrating secure SCRM into the software engineering curriculum.