An interesting read on Mary Ann Davidson's blog on the Supply Chain Problem. Mary is the Chief Security Officer of Oracle Corporation. She brings out some excellent observations about the lack of security education in universities as part of regular curriculum. The "Time To Market" and "Please The Market" courses have kind of engulfed the typical curriculum. Hence the traditional Computer Science courses have taken the back seat. If developers have no clue what the O-notation means, what depth-first/breadth first search or traversal means etc, then you can visualize the quality of software over time.
Do we need to incorporate secure coding practices in to the curriculum of Computer Studies? I am sure having at least one mandatory course will not be bad. Question is where will the colleges find the right faculty to teach Security..... Now that is a interesting question to be answered.... The right things would be to inculcate security into the relevant courses.
But what Mary is pushing for is a necessity of the software industry.