View article

Introductory computer systems courses teach students how a single program is executed inside a computer, providing them with their first exposure to the logical internals of computing systems. This is one of the first introductory courses where students can learn about security and the need for robust coding. However, currently, these courses are taught with a focus on functionality and efficiency only, ignoring security almost entirely.

In this paper, we provide a basic security analysis of computer systems courses from 16 of the top 20 CS undergraduate programs at R1 universities in the US. We collected more than 760 thousand lines of C/C++ code written by 253 students and used by instructors in lectures and for assignments. We found students frequently use unsafe functions such as strcpy, strcat, and system, many of which can lead to serious security vulnerabilities. These unsafe functions are present in course …