Tentative Lecture Schedule


The tentative lecture flow is shown in the table below. The course schedule is expected to change.





Week 1: Jan 9

Class Cancelled (Out of Town)


Week 2: Jan 16



Secure Software Development Models/Methods

(Lecture 1)

(Source Related Reading Materials)

Week 3: Jan 23


Secure Software Development Models/Methods

(Discuss the projects)

(Continued from last lecture)

Week 4: Jan 30



Building Security In

(Source: "Software Security" by Gary McGraw - available through Safari for Pitt students)

(Presentation of initial Project idea)

(Lecture 2)

Week 5: Feb 6

(continue Lecture 2) +

Buffer overflow: Strings/Integer/Pointers

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 2)

[Finished till Arc Injection]

(Lecture 3)

Week 6: Feb 13

File I/O and Race conditions

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 7)

(Lecture 4)

Week 7: Feb 20

Dynamic Memory Management

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 4)

(Half a day - University closed because of snow)

(Lecture 5)

Week 8: Feb 27

(Continue Lecture 4-5)


Week 9: Mar 6

Spring Break


Week 10: Mar 13


(Continue Lecture 5)

(Finished Lecture 5 - finally)

(Lecture 6)

Week 11: Mar 20

Integer Security (Lecture 6)

Pointer Subterfuge

(Source:  "Secure Coding in C/C++" by Robert Seacord: Chap 4, 5)

(Lecture 7)

Week 12: Mar 27

Lecture 7 (to be read by students) + Discussion on Project


Week 13: Apr 3

Update/Discussion on the Class Project  (Shortened the class)


Extra Class: Apr 5


Michael, Thaier

Craig, Nathan

Week 14: Apr 10

Presentations (Continued)

Project Discussion


Week 15: Apr 17

Java Security

(From "Enterprise Java Security .." by Pistoia et al.)

(Lecture 8)

Week 16: Apr 24

Java Security + Web Services Security

Formal Verification


(The two semester-wide projects will be evaluated)

(Lecture 9)

(Lecture 10)



Paper1; Paper2; Paper3