IT students are not being educated on how to "bake in" security when designing and developing new software applications, according to research.

The study for the Cyber Security Knowledge Transfer Network (KTN) found that just one in five UK computing undergraduates get no more than five hours education on software security – and many get none at all.

Insecure software applications have a knock-on effect on end users by making their systems vulnerable, according to Bill Whyte, who carried out the research.

“Today’s computing market is a complex value chain of software activities and is as vulnerable as its weakest link," he said.

Despite the current political clamour on the importance of information security, this key issue is not being addressed, said Nigel Jones, head of the KTN.

“The bottom line is that if we want to solve the problems we need to start by fixing the root cause," he said.

A recent BERR and PricewaterhouseCoopers report on UK information security breaches did not contain a single reference to secure software development.