ACM Columbia University 25 February 2009 What's a CS to do?

Computer humor How many software developers does it take to screw in a light bulb?

Let’s talk money…NACE 2009 Computer science grads saw their average salary offer fall 1.4% from $56,920 to $56,128. For those employers who expect to offer signing bonuses to computer science grads, the average bonus will be about 25% lower than 2008’s average bonus.

The economy It’s going to have an impact for at least three years... …but the Stimulus Plan may actually help with jobs. Smart infrastructure Smart energy Smart healthcare

Separating yourself It’s not the degree nor the school – it’s your brand What programming issues do professionals face? What areas will be hot for CS majors? Staying in front – listening to those on the street & prospecting for positions instead of applying to them

Your brand and being found You must have a social media strategy Blogging Videos Podcasts Photos Facebook, LinkedIn, Twitter It’s all about building relationships

Top 25 programming errors Insecure Interaction Between Components Risky Resource Management Porous Defenses Source: SANS Institute - SANS (SysAdmin, Audit, Network, Security) Institute Source: MITRE Corp - cwe.mitre.org/top25/cwe.mitre.org/top25/

The impact of the top 25 errors Software buyers will be buy much safer software. Programmers will have tools that consistently measure the security of the software they are writing. Colleges will teach secure coding more confidently. Employers will ensure they have programmers who can write more secure code.

Insecure interaction b/n components Improper Input Validation Improper Encoding or Escaping of Output Failure to Preserve SQL Query Structure (SQL Injection) Failure to Preserve Web Page Structure (Cross-site Scripting) Failure to Preserve OS Command Structure (OS Command Injection) Cleartext Transmission of Sensitive Information Cross-Site Request Forgery (CSRF) Race Condition Error Message Information Leak

Risky resource management Failure to Constrain Operations within the Bounds of a Memory Buffer External Control of Critical State Data External Control of File Name or Path Untrusted Search Path Failure to Control Generation of Code (Code Injection) Download of Code Without Integrity Check Improper Resource Shutdown or Release Improper Initialization Incorrect Calculation

Porous defenses Improper Access Control (Authorization) Use of a Broken or Risky Cryptographic Algorithm Hard-Coded Password Insecure Permission Assignment for Critical Resource Use of Insufficiently Random Values Execution with Unnecessary Privileges Client-Side Enforcement of Server-Side Security

What will be hot in 2009+? Virtualization This includes server virtualization as well as storage and client devices. Greater efficiencies and elimination of duplicate copies of data on real storage devices.server virtualizationstorage Cloud computing The built-in elasticity and scalability of cloud computing will help smaller companies grow quickly while also reducing barriers to entry. Cloud computing

What will be hot in 2009+? Servers - beyond blades Evolving servers will simplify the provisioning of capacity so organizations will be able to track an individual resource type - such as memory or processing power - and replace as needed, rather than having to pay for all resources every time an upgrade is needed.blades Web-oriented architectures Web-centric technologies and standards will continue to affect enterprise computing models leading to greater use of service-oriented environments. service-oriented environments

What will be hot in 2009+? Enterprise mash-ups Mash-ups are being added to enterprise systems to help deliver and manage applications.mash-ups Specialized systems Heterogeneous server systems are big in high performance computing from previously dedicated appliances.

What will be hot in 2009+? Social software and social networking Leading organizations add a social dimension to a conventional website or application.social networking Unified communications Massive consolidation in the communications industry as applications shift to off-the-shelf server and operating systems. This means formerly distinct markets and vendors will converge requiring organizations to take account of communications functions being replaced or converged.

What will be hot in 2009+? Business intelligence BI continues to boost and transform business performance, particularly in a difficult business environment like the current global credit crunch. Business intelligence Green IT Companies should think about shifting to more efficient products and processes as environmental scrutiny increases, and cut energy use. Green regulation is “hot” and this especially has the potential to seriously limit how businesses build data centers so organizations will require alternative plans for capacity growth. Green IT

Really hot Financial services especially refactoring of legacy systems Games Mobile: Smaller and smaller

Sites

Me Steve Levy The Tuttle Agency 295 Madison Avenue, 8 th Floor New York My blog Connect to me on LinkedIn Follow me on Twitter