Know thy enemy

Teaching establishments which won't discuss computer intrusion techniques are doing everyone, not just their computing students, a huge disservice. A problem will not simply go away because your prestigious college didn't put it on the curriculum.

Many of these graduates go on to write code for production systems, with no understanding of issues like SQL injection, cross-site scripting, buffer overflows, or any of the other basic tools of the cracker.

The end result? The same stupid mistakes over and over, insecure code and compromised systems.

As a web application developer, long-time coder and server administrator, who also has something of a hacker mentality, I knew well enough to find out what security issues might affect my work, and at least try to learn how to mitigate them. But how many of the people graduating with IT-related degrees got into computing because "the money is good" or "it's a growth industry", and how likely is it that such people will have the initiative or interest to learn anything beyond what their college spoon-fed them or what they accidentally pick up as they work?