Re: ACM Queue article and security education

[ljknews <ljknews () mac com>]

At 8:10 PM -0400 6/29/04, James Walden wrote:

> While there are non-university classes and workshops that teach software security, I doubt that a majority of 
> developers have attended even one such class.  Software security has to be integrated into the CS curriculum before we 
> can expect a majority of developers to have the appropriate skills, and then there will still be the issue of applying 
> them under deadline pressure.
>
> That said, I agree with most of the article.  We can't wait for years to software security to become a standard part 
> of the curriculum, and most of his suggestions, such as turning C compiler warnings into errors, are good ideas no 
> matter what the current status of security education.  I also second his enthusiasm for perl's taint mode.

Teaching students how to avoid problems in C should be a separate (optional)
course.

Dealing with issues that have _not_ been solved in higher level languages
should be a required course not burdened by the baggage of C.

And whether something is a "warning" or an "error" is outside the scope
of the programming language itself and into the build process which would
allow completion in the face of warnings.