This course will study approaches, mechanisms, and tools used to make software systems more secure. We will motivate the study by discussing common software security vulnerabilities such as buffer overflows, cross-site scripting and injection attacks. Then we will look at architectural approaches to building secure software (e.g., confinement, virtual machines, trusted computing), secure design principles and patterns, software analysis, secure programming techniques, run-time enforcement of security policies, code reviews and security testing. The course will also cover topics such as the importance of usability to building secure software systems.