Hacking Secure Coding Into Education
BSides Las Vegas 2025 · Day 1
**Osar** and **Yariv Ta** argue that **software remains insecure in 2025** because **education** still teaches dangerous patterns—using a real **high school** “internet programming” assignment as a case study with **three** serious issues in one example (**SQL injection**, wildcard **`LIKE`** misuse, missing **password hashing**). Their response is a multi-year advocacy and delivery effort branded **“Secure from Scratch,”** moving security **left** to **before developers become developers**: high schools, universities, YouTube, open workshops (including **DEF CON**), and an open **GitHub** repository of workshop materials. They also introduce a mnemonic acronym (**VER**, inspired by **SOLID**) to condense secure coding guidance, and a small **OWASP**-adjacent library project aimed at eliminating **path traversal** in **Python** and **Java**.
AI review
Heartfelt education reform pitch with just enough technical sting (bad curricula, trap labs, safe path APIs). It will not teach a new exploit, but it challenges the community to stop pretending tooling alone fixes upstream learning debt.