ACM Columbia University 25 February 2009 What's a CS to do?

Upload: jordan-mcdonald

Post on 19-Jan-2016

ACM Columbia University
25 February 2009

What's a CS to do?

Computer humor

How many software developers does it take to screw in a light bulb?

Let’s talk money…

NACE 2009

Computer science grads saw their average salary offer fall 1.4% from $56,920 to $56,128.

For those employers who expect to offer signing bonuses to computer science grads, the average bonus will be about 25% lower than 2008’s average bonus.

The economy

It’s going to have an impact for at least three years...
…but the Stimulus Plan may actually help with jobs.
Smart infrastructure
Smart energy
Smart healthcare

Separating yourself

It’s not the degree nor the school – it’s your brand
What programming issues do professionals face?
What areas will be hot for CS majors?
Staying in front – listening to those on the street & prospecting for positions instead of applying to them

Your brand and being found

You must have a social media strategy
Blogging
Videos
Podcasts
Photos
Facebook, LinkedIn, Twitter

It’s all about building relationships

Top 25 programming errors

Insecure Interaction Between Components
Risky Resource Management
Porous Defenses

Source: SANS Institute - www.sans.org/top25errors/
SANS (SysAdmin, Audit, Network, Security) Institute

Source: MITRE Corp - cwe.mitre.org/top25/

The impact of the top 25 errors

Software buyers will be able to buy much safer software.

Programmers will have tools that consistently measure the security of the software they are writing.

Colleges will teach secure coding more confidently.

Employers will ensure they have programmers who can write more secure code.

Insecure interaction b/n components

Improper Input Validation
Improper Encoding or Escaping of Output
Failure to Preserve SQL Query Structure (SQL Injection)
Failure to Preserve Web Page Structure (Cross-site Scripting)
Failure to Preserve OS Command Structure (OS Command Injection)
Cleartext Transmission of Sensitive Information
Cross-Site Request Forgery (CSRF)
Race Condition
Error Message Information Leak

Risky resource management

Failure to Constrain Operations within the Bounds of a Memory Buffer
External Control of Critical State Data
External Control of File Name or Path
Untrusted Search Path
Failure to Control Generation of Code (Code Injection)
Download of Code Without Integrity Check
Improper Resource Shutdown or Release
Improper Initialization
Incorrect Calculation

Porous defenses

Improper Access Control (Authorization)
Use of a Broken or Risky Cryptographic Algorithm
Hard-Coded Password
Insecure Permission Assignment for Critical Resource
Use of Insufficiently Random Values
Execution with Unnecessary Privileges
Client-Side Enforcement of Server-Side Security

What will be hot in 2009+?

Virtualization
This includes server virtualization as well as storage and client devices. Greater efficiencies and elimination of duplicate copies of data on real storage devices.

Cloud computing
The built-in elasticity and scalability of cloud computing will help smaller companies grow quickly while also reducing barriers to entry.

What will be hot in 2009+?

Servers - beyond blades
Evolving servers will simplify the provisioning of capacity so organizations will be able to track an individual resource type - such as memory or processing power - and replace as needed, rather than having to pay for all resources every time an upgrade is needed.

Web-oriented architectures
Web-centric technologies and standards will continue to affect enterprise computing models leading to greater use of service-oriented environments.

What will be hot in 2009+?

Enterprise mash-ups
Mash-ups are being added to enterprise systems to help deliver and manage applications.

Specialized systems
Heterogeneous server systems are big in high performance computing from previously dedicated appliances.

What will be hot in 2009+?

Social software and social networking
Leading organizations add a social dimension to a conventional website or application.

Unified communications
Massive consolidation in the communications industry as applications shift to off-the-shelf server and operating systems. This means formerly distinct markets and vendors will converge requiring organizations to take account of communications functions being replaced or converged.

What will be hot in 2009+?

Business intelligence
BI continues to boost and transform business performance, particularly in a difficult business environment like the current global credit crunch.

Green IT
Companies should think about shifting to more efficient products and processes as environmental scrutiny increases, and cut energy use. Green regulation is “hot” and this especially has the potential to seriously limit how businesses build data centers so organizations will require alternative plans for capacity growth.

Really hot

Financial services especially refactoring of legacy systems
Games
Mobile: Smaller and smaller

Sites

http://www.joelonsoftware.com/index.html
http://slashdot.org/
http://www.joltawards.com
http://www.indeed.com

Me

Steve Levy
The Tuttle Agency
295 Madison Avenue, 8th Floor
New York [email protected] blog
Connect to me on LinkedIn
Follow me on Twitter