190 likes | 258 Views
What's a CS to do?. ACM Columbia University 25 February 2009. Computer humor. How many software developers does it take to screw in a light bulb?. Let’s talk money…NACE 2009. Computer science grads saw their average salary offer fall 1.4% from $56,920 to $56,128.
E N D
What's a CS to do? ACM Columbia University 25 February 2009
Computer humor • How many software developers does it take to screw in a light bulb?
Let’s talk money…NACE 2009 • Computer science grads saw their average salary offer fall 1.4% from $56,920 to $56,128. • For those employers who expect to offer signing bonuses to computer science grads, the average bonus will be about 25% lower than 2008’s average bonus.
The economy • It’s going to have an impact for at least three years... • …but the Stimulus Plan may actually help with jobs. • Smart infrastructure • Smart energy • Smart healthcare
Separating yourself • It’s not the degree nor the school – it’s your brand • What programming issues do professionals face? • What areas will be hot for CS majors? • Staying in front – listening to those on the street & prospecting for positions instead of applying to them
Your brand and being found • You must have a social media strategy • Blogging • Videos • Podcasts • Photos • Facebook, LinkedIn, Twitter • It’s all about building relationships
Top 25 programming errors • Insecure Interaction Between Components • Risky Resource Management • Porous Defenses • Source: SANS Institute - www.sans.org/top25errors/ SANS (SysAdmin, Audit, Network, Security) Institute • Source: MITRE Corp - cwe.mitre.org/top25/
The impact of the top 25 errors • Software buyers will be buy much safer software. • Programmers will have tools that consistently measure the security of the software they are writing. • Colleges will teach secure coding more confidently. • Employers will ensure they have programmers who can write more secure code.
Insecure interaction b/n components • Improper Input Validation • Improper Encoding or Escaping of Output • Failure to Preserve SQL Query Structure (SQL Injection) • Failure to Preserve Web Page Structure (Cross-site Scripting) • Failure to Preserve OS Command Structure (OS Command Injection) • Cleartext Transmission of Sensitive Information • Cross-Site Request Forgery (CSRF) • Race Condition • Error Message Information Leak
Risky resource management • Failure to Constrain Operations within the Bounds of a Memory Buffer • External Control of Critical State Data • External Control of File Name or Path • Untrusted Search Path • Failure to Control Generation of Code (Code Injection) • Download of Code Without Integrity Check • Improper Resource Shutdown or Release • Improper Initialization • Incorrect Calculation
Porous defenses • Improper Access Control (Authorization) • Use of a Broken or Risky Cryptographic Algorithm • Hard-Coded Password • Insecure Permission Assignment for Critical Resource • Use of Insufficiently Random Values • Execution with Unnecessary Privileges • Client-Side Enforcement of Server-Side Security
What will be hot in 2009+? • VirtualizationThis includes server virtualization as well as storage and client devices. Greater efficiencies and elimination of duplicate copies of data on real storage devices. • Cloud computingThe built-in elasticity and scalability of cloud computing will help smaller companies grow quickly while also reducing barriers to entry.
What will be hot in 2009+? • Servers - beyond bladesEvolving servers will simplify the provisioning of capacity so organizations will be able to track an individual resource type - such as memory or processing power - and replace as needed, rather than having to pay for all resources every time an upgrade is needed. • Web-oriented architectures Web-centric technologies and standards will continue to affect enterprise computing models leading to greater use of service-oriented environments.
What will be hot in 2009+? • Enterprise mash-upsMash-ups are being added to enterprise systems to help deliver and manage applications. • Specialized systemsHeterogeneous server systems are big in high performance computing from previously dedicated appliances.
What will be hot in 2009+? • Social software and social networkingLeading organizations add a social dimension to a conventional website or application. • Unified communications Massive consolidation in the communications industry as applications shift to off-the-shelf server and operating systems. This means formerly distinct markets and vendors will converge requiring organizations to take account of communications functions being replaced or converged.
What will be hot in 2009+? • Business intelligenceBI continues to boost and transform business performance, particularly in a difficult business environment like the current global credit crunch. • Green ITCompanies should think about shifting to more efficient products and processes as environmental scrutiny increases, and cut energy use. Green regulation is “hot” and this especially has the potential to seriously limit how businesses build data centers so organizations will require alternative plans for capacity growth.
Really hot • Financial services especially refactoring of legacy systems • Games • Mobile: Smaller and smaller
Sites • http://www.joelonsoftware.com/index.html • http://slashdot.org/ • http://www.joltawards.com • http://www.indeed.com
Me Steve Levy The Tuttle Agency 295 Madison Avenue, 8th Floor New York 10017 212-497-9576 slevy@tuttleagency.com My blog Connect to me on LinkedIn Follow me on Twitter