by motters 5003 days ago
A thought occurs that if any of these universities have computer science or software engineering courses, or even infosec courses, then part of that should include the students examining and/or documenting the universities' own IT systems and how they work. There would be a natural synergy between teaching success and the security and efficiency of the universities' systems.

This doesn't necessarily mean that students would be allowed to alter the software, but they certainly could analyze and audit it, and perhaps provide patches in some cases.

2 comments

During some of my more high-security classes at school, we had to confine our classroom to a completely different network. While we were given access to and authorization to use and learn certain tools, we could not use them on the university network. This meant that when class was in session, the network administrators would shut down the switch port connecting the room elsewhere, not only cutting us off from the rest of the network but also from the Internet.

The school couldn't assure that all the data going over the wire was protected from these tools, but felt it good practice to teach us. Of course, many students then left the class after the two hours were up and stupidly practiced their newfound skills on the network anyway. After that day, we lost more than a couple students from the class (and possibly the university).

The schools know their systems are insecure. The leadership is comfortable in accepting this risk. I just wish they would make this information public to the students, so they can choose to accept the risk as well.

Some people think that's problematic. They say that you shouldn't use students to replace local industries, because it's bad for local businesses. They might say that you shouldn't use unpaid students to do real work.

And there are problems with letting students have permission to run penetration tests - you have no idea if they're white hat or grey hat or black hat.

C'mon! All the Higher Education thing is about making students work for their university for the time they're enrolled, in exchange for knowledge, and insider's tips (yeah, I can introduce you to xxxx at IBM,...). I personally don't know of a single PhD who didn't work (hard) for free for his director... Until he got his PhD. And even after that, sometimes, if he wants to get into research himself.

I find internal auditing, under strict surveillance, to be a very good idea indeed. This could even lead to some healthy form of competition between universities, not only based on who teaches that Lisp class, or what professor/university's name is.