TEACHING SECURITY-RELATED SOFTWARE TESTING
WTST 2012: The 11th Annual Workshop on Teaching Software Testing
January 27-29, 2012
at the Harris Institute for Assured Information
Florida Institute of Technology, Melbourne, Florida
Software testing is often described as a central part of software security, but it has a surprisingly small role in security-related curricula. Over the next 5 years, we hope to change this. If there is sufficient interest, we hope to focus WTSTs 2012-2016 on instructional support for teaching security-related testing.
OUR GOALS FOR WTST 2012
- Survey the domain: What should we consider as part of “security-related software testing”?
- Cluster the domain: What areas of security-related testing would fit well together in the same course?
- Characterize some of the key tasks:
  - Some types of work are (or should be) routine. To do them well, an organization needs a clearly defined, repeatable process that is easy to delegate.
  - Other types are cognitively complex. Their broader goals might stay stable, but the details constantly change as circumstances and threats evolve.
  - And other types are centered on creating, maintaining and extending technology, such as tools to support testing.
- Publish this overview (survey / clustering / characterization)
- Apply for instructional development grants. We (CSTER) intend to apply for funding. We hope to collaborate with other institutions and practitioners and we hope to foster other collaborations that lead to proposals that are independent of CSTER.
The Workshop on Teaching Software Testing is concerned with the practical aspects of teaching university-caliber software testing courses to academic or commercial students.
We see software testing as a cognitively complex activity, an active search for quality-related information rather than a tedious collection of routines. We see it as more practical than theoretical, more creative than prescriptive, more focused on investigation than assurance (you can’t prove a system is secure by testing it), more technical than managerial, and more interested in exploring risks than defining processes.
We think testing is too broad an area to cover fully in a single course. A course that tries to teach too much will be too superficial to have any real value. Rather than designing a single course to serve as a comprehensive model, we think the field is better served with several designs for several courses.
We are particularly interested in online courses that promote deeper knowledge and skill. You can see our work on software testing at http://www.testingeducation.org/BBST. Online courses and courseware, especially Creative Commons courseware, make it possible for students to learn multiple perspectives and to study new topics and learn new skills on a schedule that works for them.
WHO SHOULD ATTEND
We invite participation by:
- academics who have experience teaching courses on testing or security
- practitioners who teach professional seminars on software testing or security
- one or two graduate students
- a few seasoned teachers or testers who are beginning to build their strengths in teaching software testing or security.
There is no fee to attend this meeting. You pay for your seat through the value of your participation. Participation in the workshop is by invitation based on a proposal. We expect to accept 15 participants with an absolute upper bound of 22.
We are still confirming attendees and finalizing presentation topics. The following is a partial listing:
| ATTENDEE | AFFILIATION | PRESENTATION (if applicable) |
|---|---|---|
| Balasooriya, Janaka | Arizona State University | |
| Carvalho, Marco | Florida Tech | |
| Fiedler, Rebecca | Kaner, Fiedler, & Associates, LLC | |
| Fioravanti, Mark | Dept of Homeland Security and Florida Tech | |
| Ford, Richard | Florida Tech | Security Testing != Testing |
| Gallagher, Keith | Florida Tech | |
| Gentleman, Morven | Dalhousie University | |
| Hoffman, Daniel | University of Victoria | Worlds in Collision: Ethernet and the Factory Floor |
| Kabbani, Nawwar | Florida Tech | Security Testing of SOA Systems |
| Kaner, Cem | Florida Tech | The Challenges of Educating Testers on Security (and Security People on Testing) |
| Kelly, Michael | DeveloperTown | Workshop facilitator |
| Knowles, Ben | Dell SecureWorks | Vulnerability Lifecycle for Testers |
| Mayron, Liam | Florida Tech | |
| Oliver, Carol | Florida Tech | |
| Weber, Jens | University of Victoria | The PPP approach to security testing education: Problem-based, Project-oriented, Peer-driven |
HOW THE MEETING WILL WORK
WTST is a workshop, not a typical conference.
- We will have a few presentations, but the intent of these is to drive discussion rather than to create an archivable publication.
- We are glad to start from already-published papers, if they are presented by the author and they would serve as a strong focus for valuable discussion.
- We are glad to work from slides, mindmaps, or diagrams.
- Some of our sessions will be activities, such as brainstorming sessions, collaborative searching for information, creating examples, evaluating ideas or work products, and lightning presentations (presentations limited to 5 minutes, plus discussion).
- In a typical presentation, the presenter speaks 10 to 90 minutes, followed by discussion. There is no fixed time for discussion. Past sessions’ discussions have run from 1 minute to 4 hours. During the discussion, a participant might ask the presenter simple or detailed questions, describe consistent or contrary experiences or data, present a different approach to the same problem, or (respectfully and collegially) argue with the presenter.
Our agenda will evolve during the workshop. If we start making significant progress on something, we are likely to stick with it even if that means cutting or timeboxing some other activities or presentations.
Presenters must provide materials that they share with the workshop under a Creative Commons license, allowing reuse by other teachers. Such materials will be posted at http://wtst.org.
The hosts of the meeting are:
- Cem Kaner (http://www.kaner.com and http://www.testingeducation.org)
- Rebecca Fiedler (http://bbst.info)
- Richard Ford (http://harris-institute.fit.edu)
- Michael D. Kelly (http://michaeldkelly.com) (Meeting Facilitator)
LOCATION AND TRAVEL INFORMATION
We will hold the meetings at
Harris Center for Assured Information, Room 327
Florida Tech, 150 W University Blvd,
Melbourne International Airport is 3 miles from the hotel and the meeting site. It is served by Delta Airlines and US Airways. Alternatively, the Orlando International Airport offers more flights and more non-stops but is 65 miles from the meeting location.
We recommend the Courtyard by Marriott – West Melbourne located at 2101 W. New Haven Avenue in Melbourne, FL.
Please call 1-800-321-2211 or 321-724-6400 to book your room by January 2. Be sure to ask for the special WTST rates of $89 per night. Tax is an additional 11%.
All reservations must be guaranteed with a credit card by January 2, 2010 at 6:00 pm. If rooms are not reserved, they will be released for general sale. Following that date reservations can only be made based upon availability.
For additional hotel information, please visit the travel information page on this site or the hotel website at http://www.marriott.com/hotels/travel/mlbch-courtyard-melbourne-west/
OUR INTELLECTUAL PROPERTY AGREEMENT
We expect to publish some outcomes of this meeting. Each of us will probably have our own take on what was learned. Participants (all people in the room) agree to the following:
- Any of us can publish the results as we see them. None of us is the official reporter of the meeting unless we decide at the meeting that we want a reporter.
- Any materials initially presented at the meeting or developed at the meeting may be posted to any of our web sites or quoted in any other of our publications, without further permission. That is, if I write a paper, you can put it on your web site. If you write a problem, I can put it on my web site. If we make flipchart notes, those can go up on the web sites too. None of us has exclusive control over this material. Restrictions of rights must be identified on the paper itself.
- NOTE: Some papers are circulated that are already published or are headed to another publisher. If you want to limit republication of a paper or slide set, please note the rights you are reserving on your document. The shared license to republish is our default rule, which applies in the absence of an asserted restriction.
- The usual rules of attribution apply. If you write a paper or develop an idea or method, anyone who quotes or summarizes your work should attribute it to you. However, many ideas will develop in discussion and will be hard (and not necessary) to attribute to one person.
- Any publication of the material from this meeting will list all attendees as contributors to the ideas published as well as the hosting organization.
- Articles should be circulated to WTST-2012 attendees before being published when possible. At a minimum, notification of publication will be circulated.
- Any attendee may request that his or her name be removed from the list of attendees identified on a specific paper.
- If you have information which you consider proprietary or otherwise shouldn’t be disclosed in light of these publication rules, please do not reveal that information to the group.
Funding for WTST 1-5 came primarily from the National Science Foundation, under grant EIA-0113539 ITR/SY+PE “Improving the Education of Software Testers.” Partial funding for the Advisory Board meetings in WTST 6-10 came from the National Science Foundation, under grant CCLI-0717613 “Adaptation & Implementation of an Activity-Based Online or Hybrid Course in Software Testing”.
Opinions expressed at WTST or published in connection with WTST do not necessarily reflect the views of NSF.
WTST is a peer conference in the tradition of the Los Altos Workshops of Software Testing.