pchapin's CIS-3720 Secure Programming, Fall 2019


Peter C. Chapin. Office: BLP-415 on the Williston campus. Office hours are by appointment. Phone: 802-879-2367 (voice mail active). Email: pchapin@vtc.edu. I will usually respond to email within 24 hours, not including weekends or holidays. Email is the best way to contact me. I am also sometimes on the FreeNode IRC network under the nickname pcc.

Course Description

The official course outline lists high level course objectives and content.

This course is about how to program secure software systems. It is primarily a programming course with a focus on detecting, evaluating, and preventing software vulnerabilities. This course does not focus on security theory, nor does it look at issues related to network or system administration. The course is intended for software engineering students, or others with an interest in software development, who need to build secure programs.


This course assumes you have some experience with the Java and C programming languages. However, you do not need to be an expert with either. A background with object oriented programming would be helpful, but isn't necessary.


There is no text for this course. However, you will be assigned readings from various online resources and documentation.

I have created an email distribution list for the class. I will use this list to distribute announcements and other supplementary materials. Be sure to check your mail regularly (daily) or you might miss something important. If you send a question in email directly to me, I may reply to my distribution list if I think that others would benefit from my answer. If you would rather I did not reply to the list you should say so in your message.

My home page contains various documents of general interest.

Grading Policy

I grade on a point system. Each assignment is worth a certain number of points. At the end of the semester I total all the points you earned and compare that to the total number of possible points. In this course there are two components to your grade.

  1. Homework. 20 pts/each. There will be approximately eight assignments during the semester for a total of 160 points. You will have one to two weeks to do each assignment, depending on the complexity of the assignment and other scheduling issues.

  2. Exam. 50 pts. There will be one exam. It will be a take home exam given during the final exam period at the end of the semester.

When doing the exam you can use any resources available to you except that you can not consult with other students about exam questions nor post questions related directly to the exam on Internet forums or mailing lists (it is okay to read existing posts, however). If you have questions about the exam, please contact me.

For homework you can discuss the questions with other students and post questions related to the assignments in on-line forums. However, you should still do your own work. See the section on "Copying Policy" below for more information.

I will not formally take attendance, but I will notice people who seem "disengaged" in the class. Although attendance is not specifically part of my grading policy it will, like other intangible items such as "professionalism," play a role in how likely I am to round up borderline grades.

Late Policy

I attempt to either publish solutions to assignments or return graded assignments (or both) a few days after the due date. Once either of those things occur, I cannot accept any further submissions. The interval between the formal due date and when I either publish a solution or return graded work is a grace period during which I will continue to accept assignments with no penalty. For best results, you should endeavor to submit assignments on time. If something comes up that prevents you from handing in an assignment on time, contact me, before the due date if possible, to discuss your issue. I am usually open to reasonable requests for extensions.

Copying Policy

I encourage you to share ideas with your fellow students so I won't be shocked to learn that you've been talking with someone about an assignment. In fact, if you worked closely with someone else you should make a note on your submission that mentions the names of your associates.

However, I do ask you to do your own work in your final submissions. The goal is for all of the work in your submission to have passed through your brain so that you comprehend it. If in doubt, ask yourself this: if I called you into my office and asked you to explain what you did, would you be able to do so?

If two submissions exhibit what I feel to be "excessive similarity" I will grade the submissions based on merit and then divide the grade by two, assigning half the grade to each submission. If I receive more than two excessively similar submissions I will divide the grade by the number of such submissions and distribute the result accordingly.

Since "excessive similarity" is a bit subjective, I may only give you a warning if the similarity is not too excessive—especially for a first offense. However, I do keep records when I find excessive similarity and I will be much less inclined to be forgiving if I discover it again. If you are concerned about the possibility of submitting something that might be too similar to another student's work, don't hesitate to speak with me first. Remember that I won't be surprised to learn that you are working closely with someone (it's a good thing!), so don't feel reluctant to say so. Also keep in mind that I'm not out to persecute you. I want you to be successful, and I want to work with you to ensure you are submitting appropriate work.

If you find material on the Internet or in a book that seems to answer questions I ask in an assignment, you may include such material in your submission provided you properly reference it. If I discover that you have included unreferenced material from such sources, I may not give you any credit for the question(s) answered by such material. You do not need to provide a reference to our text book or to materials I specifically provide in class.

Other Matters

Students with disabilities may request accommodation as provided within federal law. All such requests should be made by first contacting Robin Goodall, Learning Specialist, in the Center for Academic Success on the Randolph campus. She can be reached by phone at (802) 728-1278 or by email at rgoodall@vtc.edu.

The Vermont State Colleges System is committed to ensuring our campuses are safe places for students and employees. Faculty and staff are considered mandated reporters when it comes to experiences of interpersonal violence (sexual assault, sexual harassment, dating/domestic violence, and stalking). Disclosures of interpersonal violence will be reported to the Title IX Coordinator, who can help provide support and academic accommodations for students who have been impacted. More information can be found online.

Last Revised: 2019-08-21
© Copyright 2019 by Peter C. Chapin <pchapin@vtc.edu>