ACM President David A. Patterson's recent "manifesto" calls on IT and computer professionals to focus their attention on the neglected areas of security, privacy, usability, and reliability (SPUR). We report on a recent classroom exercise designed to increase students' awareness of and engage their interest in addressing SPUR concerns.IT students at George Mason University, as part of their senior design project course, were given the opportunity to perform hands-on testing of pre-release security software being developed by Hewlett-Packard Laboratories. Over two class sessions, forty students were tasked with testing a research prototype application designed to limit harm from malicious code. Results from this experience suggest that hands-on access to pre-release software can provide an effective vehicle for enhancing student understanding of the challenges of meeting the interlocking goals of security, privacy, usability, and reliability. The faculty observers noted additional beneficial side-effects of this exercise. Working through bugs, designing experiments to test ideas, and analyzing the interface served as a whetstone to sharpen students' trouble shooting skills and critical thinking abilities.We conclude that IT undergraduate programs should consider the incorporation of a hands-on software evaluation module that stresses the principles of the SPUR manifesto. Such a module can make use of open source software where commercial pre-release software is not available. This could be incorporated into a projects class, human-computer interaction class, or software development class as appropriate to a particular program.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Alan H. Karp, Enforce POLA on processes to control viruses, Communications of the ACM, v.46 n.12, December 2003  [doi>10.1145/953460.953480]
	2	Marchant, A., E.H. Sibley and H.T. Daughtrey, Jr., "Building Undergraduate Security Curriculum," ASEE Proceedings, 6/22/04.
	3	Miller, M.S., B. Tulloh and J.S. Shapiro, "The Structure of Authority: Why security is not a separable concern," Multiparadigm Programming in Mozart/OZ: Second International Conference, Springer-Verlag LNCS 3389, 2005.
	4	David A. Patterson, 20th century vs. 21st century C&C: the SPUR manifesto, Communications of the ACM, v.48 n.3, March 2005  [doi>10.1145/1047671.1047688]
	5	Saltzer, J. J. and M. D. Schroeder, "The Protection of Information in Computer Systems," Proceedings of the IEEE 63(9), September 1975, p. 1278--1308.
	6	Stiegler, M., A.H. Karp, K.P. Yee, and M.S. Miller, "Polaris: Toward Virus Safe Computing for Windows XP," HP Labs Technical Report, HPL-2004-221, 2004.
	7	James A. Whittaker, How to Break Software: A Practical Guide to Testing with Cdrom, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2002
	8	Whittaker, J.A. and H. H. Thompson, How to Break Software Security: Effective Techniques for Security Testing, Boston: Addison-Wesley, 2004.
	9	Ka-Ping Yee, Aligning Security and Usability, IEEE Security and Privacy, v.2 n.5, p.48-55, September 2004  [doi>10.1109/MSP.2004.64]