Wednesday, July 30, 2014

Top 20 colleges for computer science majors, based on earning potential

The Golden State dominates PayScale’s ranking of the top computer science schools

Among computer science grads, alumni from University of California, Berkeley, led the pack with a median mid-career salary of $141,400, PayScale says.

California is home to the top five computer science schools in the U.S., according to a new salary-centric report from PayScale.

The research company ranked 129 college majors based on the median pay for alumni from 1,016 schools (see related story, Computer science major ranks No. 8 for salary earning potential).

In addition to ranking the most lucrative majors, PayScale also analyzed which schools produce the highest-paid graduates in each field of study. Among computer science graduates, alumni from University of California, Berkeley, led the pack with a median mid-career salary of $141,400, PayScale said. The Golden State is also home to the next four universities in the computer-science rankings.

To come up with its rankings, PayScale surveyed 1.4 million civilian employees working full-time in the U.S. Only employees who possess a bachelor’s degree and no higher degrees are included in PayScale’s College Salary Report. The rankings are based on the median mid-career earnings of graduates.

Best Schools for Computer Science Majors

Source: PayScale

1. University of California, Berkeley
Starting pay: $82,000
Mid-career pay: $141,400

2. California Polytechnic State University, San Luis Obispo (CalPoly)
Starting pay: $67,000
Mid-career pay: $125,000

3. University of California, Santa Barbara (UCSB)
Starting pay: $68,000
Mid-career pay: $120,200

4. Stanford University (tie)
Starting pay: $90,000
Mid-career pay: $120,000

5. University of California, Irvine (UCI) (tie)
Starting pay: $64,200
Mid-career pay: $120,000

6. Massachusetts Institute of Technology (MIT)
Starting pay: $82,400
Mid-career pay: $117,500

7. Virginia Polytechnic Institute and State University (Virginia Tech)
Starting pay: $66,700
Mid-career pay: $117,000

8. Cornell University
Starting pay: $70,000
Mid-career pay: $116,500

9. University of California, San Diego (UCSD)
Starting pay: $70,000
Mid-career pay: $115,000

10. Rutgers University - New Brunswick
Starting pay: $63,000
Mid-career pay: $114,500

11. San Jose State University (SJSU)
Starting pay: $65,500
Mid-career pay: $114,400

12. New York University (NYU)
Starting pay: $60,000
Mid-career pay: $112,500

13. University of Washington (UW)
Starting pay: $65,000
Mid-career pay: $112,100

14. University of Maryland (UMD)
Starting pay: $66,000
Mid-career pay: $112,000

15. Worcester Polytechnic Institute (WPI)
Starting pay: $69,500
Mid-career pay: $111,500

16. Carnegie Mellon University (CMU) (tie)
Starting pay: $81,300
Mid-career pay: $111,000

16. Georgia Institute of Technology (tie)
Starting pay: $65,800
Mid-career pay: $111,000

18. University of California at Los Angeles (UCLA)
Starting pay: $65,000
Mid-career pay: $110,000

19. University of Texas (UT) - Austin
Starting pay: $64,000
Mid-career pay: $106,200

20. University of Illinois at Urbana-Champaign (UIUC)
Starting pay: $68,000
Mid-career pay: $106,000

It’s worth noting that not every college and university in the U.S. is included in the study. According to PayScale, there are approximately 3,070 bachelor's degree-granting schools in the U.S., and this year’s College Salary Report includes 1,016 of them. With those 1,016 schools, PayScale asserts that it’s covering 86% of schools with more than 5,000 undergraduates and more than 75% of the estimated undergraduates in bachelor’s degree programs in the U.S.

PayScale defines mid-career employees as those with at least 10 years of experience in their career or field.



Tools catch security holes in open source code

Given its prevalence, open source code is virtually impossible to avoid, but the proper steps need to be taken to address its vulnerabilities

This year has been the best of times and the worst of times for open source code and security.

On the one hand, the latest survey by Black Duck Software and North Bridge Venture Partners shows that 72 percent of industry professionals prefer open source software because it's more secure than proprietary solutions.

On the other hand, Heartbleed exposed a security flaw in the widely-used, open source OpenSSL encryption tool that affected more than half a million websites. Also this spring, TrueCrypt unexpectedly shut down, citing “unfixed security issues” on its SourceForge page, and a critical bug in Linux, GnuTLS, was finally exposed after having been undiscovered for more than 10 years.

Open source software is widely used in business – in webservers running Linux and Apache, in databases, in the Android operating system, in code libraries used by enterprise developers, and embedded into commercial software packages.

Avoiding open source completely is not an option, but blindly trusting the open source community to fix all mistakes is also problematic.

One solution is to use automated code-scanning tools to scan code for known vulnerabilities and common programming errors. Fortunately, the automated tools are getting better every year.

Trust, but verify
Over the past few years, more than 5,000 security vulnerabilities have been found in open source code, according to the National Vulnerability Database.

Ideally, a company would check each of these vulnerabilities against the open source software packages it uses, plus against the open source software used inside commercial packages, and even against pieces of code that their own programmers copied off the Internet.

“The reality is that developers every day cut-and-paste code from open source projects,” said Dave Gruber, VP of product management at Black Duck Software.

And large organizations are adding new open source software to their environments all the time, meaning that vulnerability checking has to be an on-going process.

“For organizations that do that manually, it gets very overwhelming very quickly,” said Gruber.

Black Duck Software, in addition to running an annual survey about how companies use open source, also offers software scanning tools that help companies find all the open source software, components, and even snippets that they are using, and then check them against the list of known vulnerabilities.

Its 1,400-plus customers include 27 of the Fortune 100, six of the top 10 investment banks, and seven of the top ten software companies. The company currently has more than a million open source projects in its database, Gruber said.

“We track all the major open source forges in the world,” he said.

Find new bugs before they bite

Finding and patching known vulnerabilities is important and is a critical first step to securing open source software.

But what about the unknown vulnerabilities? There are tools to help with that, as well.

One such tool is the Application Intelligence Platform from New York-based CAST, which can scan software for bugs and vulnerabilities and point out where the problems are located.

“In an average application, there are 100 to 120 security vulnerabilities that we find,” said Lev Lesokhin, senior vice president at CAST.

Common problems include SQL injections, where a hacker trying to break into an application will enter a database query instead of the requested data. This technique isn't anything new.

“But it's still the most common way that criminals get into the system,” said Lesokhin.

According to the latest Verizon Breach Report, released in April, SQL injections were used in 80 percent of attacks against Web applications.

“One of the myths of open source software is that there are millions of eyeballs looking at the source code and fixing it,” he said. “But that's true of only very few open source projects. The rest of it – someone wrote something and put it out on open source.”

It might have been written by an amateur, or someone who's moved on to something else and is no longer maintaining the software.

But it still could be useful code that could save a company developer hours, days, or even weeks of work.

“Any component you can think of, there's an open source example out there that you can reuse,” said Lesokhin.

But one company is taking its code scanning technology right to the source – to the open source projects themselves, that is. And since these projects are typically not well funded, the technology is available for free.


It's called Coverity Scan, and is provided in the cloud by San Francisco-based Coverity, Inc. It scans software for all the common types of security problems, including buffer overflows, cross-site scripting, insecure data handling, SQL injections, security misconfigurations, and illegal access to memory.

It originally began in 2006 as a public-private research project between Coverity and the U.S. Department of Homeland Security, and has been used to analyze some of the most important C and C++ open source projects, including Linux, Apache, PHP and PostgreSQL. Last year, Coverity Scan was expanded to include Java as well.

“They get the same platform as our customers get, but in the cloud,” said Zack Samocha, the company's senior director of products.

The last few months have been hard for open source projects from a security perspective, he said.

“The Heartbleed issue was huge,” he said.

However, there was a silver lining. The high-profile security problems drew attention to the need for better security screening of open source software.

“Over 400 new projects signed up for Coverity scans after the awareness of that issue,” he said. “The open source community is maturing, and understands the need for these kinds of tools to be successful. They are making more sure that the quality is better and that the security is better.”

Coverity now scans more than 2,200 different open source projects, he said.

In April, Coverity released a report that analyzed code from more than 700 C and C++ projects, in addition to a sample of Java projects and anonymous enterprise projects – a total of more than 750 million lines of code. The analysis showed that, for the first time since the company began running the scans eight years ago, the quality of open source code has surpassed proprietary code.

Part of it may be due to the increased emphasis on fixing coding problems by the open source projects themselves. Linux, for example, has used the Coverity scans to reduce the average time it takes to fix a newly discovered defect from 122 days to just six days.

Coverity is also used by companies internally. Customers include major brands like SAP, Air France, Comcast, Barclays, as well as nine of the top ten software companies and seven of the top ten aerospace companies.

“The amount of source code is rapidly increasing in size and yet we are maintaining consistent quality,” said Yoshinori Tsujido, staff manager for Mitsubishi Electric Sanda Works, in a statement. “I don’t know where we would be now if we didn’t use Coverity.”


According to IDC projections, the worldwide software quality analysis market exceeded $500 million in 2013, and will grow to $906 million in revenues by 2017, a compound annual growth rate of more than 15 percent.

“In the face of increasing numbers of highly public failures of business-critical systems, the urgency of attending to software quality analysis has never been more obvious,” said IDC analyst Melinda Ballou in a statement. “The crying need to improve corporate and developer hygiene in this area is clear.”


Thursday, July 3, 2014

CompTIA A+ Certification 2014 Job Satisfied

The A+ Certification is provided by CompTIA, a non-profit trade association that provides various professional certifications for the IT industry all over the world. CompTIA’s certifications, including the A+ certification, are recognized by the American National Standards Institute (ANSI), which increases their significance in the IT industry.

The A+ certification is designed to be vendor neutral and covers various technologies from different vendors, including Microsoft, Apple, HP, Novell, Cisco and Linux distributions. Professionals holding the A+ certification are recognized as competent entry-level computer technicians, with knowledge equivalent to 500 hours of field experience.

Candidates who have acquired the A+ certification possess the required knowledge to understand the fundamentals of and identify the different components of computer technology, networking and security.

Since its development back in 1993, the A+ certification has gone through four revisions. The latest version, which was introduced in 2009, requires candidates to pass two exams to achieve the certification: the A+ Essentials and A+ Practical Application exams.

Because the A+ certification is ISO 17024 accredited, the exam is updated on a regular basis. Due to changes in certification conditions that were announced in 2010, A+ certifications now expire after 3 years. Previously these certifications had lifetime validity. People who are current certificate holders will retain the validity for life, but candidates attempting the certification after December 31, 2010 will have an expiry period of 3 years on their certifications. To date, more than 700,000 people worldwide have earned the A+ certification.

The A+ Certification requires 2 exams:
CompTIA A+ Essentials – Exam 220-801
CompTIA A+ Practical Application – Exam 220-802

Each exam consists of 100 questions and the duration for each exam is 90 minutes. The passing score on a scale of 100 – 900 is 675 for the A+ Essentials exam and 700 for the A+ Practical Application.

The exams are currently available in 8 different languages worldwide. The cost of the exams is $168 for each of the two exams, although CompTIA members are eligible for discounts.

The A+ certification, combined with CompTIA’s Network+ certification, can be used to qualify as an elective exam for Microsoft’s MCSA and MCSE certification.

Exam Topics

The exam objectives are reviewed and revised at regular intervals to ensure that the contents of the certification are current. For this reason, the following information is not necessarily an exhaustive list of test objectives.

Hardware
Troubleshooting, Repair & Maintenance
Operating System and Software
Networking
Security
Operational Procedure

Subtopics under these main exam objectives include knowledge about IRQs and direct memory access, and practical skills in computer repair, which includes the installation and repair of various devices such as hard drives, modems, network cards, CPUs and power supplies, along with PDAs and printers. The main emphasis of the exam is not theory, but developing practical skills.