Carnegie Mellon University

Security for Software Engineers

Instructor CEU Units # of Lectures Hours per Week Tuition
Shawn Butler 4.4 11 10-15 $2,600

Course Objectives

The objective of this course is to introduce students to the principles and technologies that security engineers use to ensure the integrity, availability, and confidentiality of Information Technology Systems. This course is intended to demystify security and enable software managers, developers, and others to understand the challenges of securing a software system and state-of-the-practice. At the end of this course students should be able to:

  • Identify and prioritize IT security risks
  • Determine an appropriate set of security controls that will mitigate IT security risks
  • Develop a security architecture for a medium sized software system
  • Understand security as part of the software development life cycle
  • Establish software development security policies




Introduction to Computer Security by Matt Bishop, Addison-Wesley, 2004.
ISBN: 0-32-124744-2.


Lecture 1:      Risk Management
Lecture 2:      Threats and Vulnerabilities
Lecture 3:      Cryptography
Lecture 4:      Secure Communication
Lecture 5:      Wireless Security
Lecture 6:      Authentication and Access Control
Lecture 7:      Intrusion Detection Systems
Lecture 8:      Security Patterns
Lecture 9:      Security Engineering Principles
Lecture 10:    Software Assurance
Lecture 11:    Security and System Development Life Cycle & Security Policies
TBD:               Project Presentations