Secure Coding mailing list archives
Re: ACM Queue article and security education
From: ljknews <ljknews () mac com>
Date: Wed, 30 Jun 2004 16:06:06 +0100
At 8:10 PM -0400 6/29/04, James Walden wrote:
While there are non-university classes and workshops that teach software security, I doubt that a majority of developers have attended even one such class. Software security has to be integrated into the CS curriculum before we can expect a majority of developers to have the appropriate skills, and then there will still be the issue of applying them under deadline pressure. That said, I agree with most of the article. We can't wait for years for software security to become a standard part of the curriculum, and most of his suggestions, such as turning C compiler warnings into errors, are good ideas no matter what the current status of security education. I also second his enthusiasm for Perl's taint mode.
Teaching students how to avoid problems in C should be a separate (optional) course. Dealing with issues that have _not_ been solved in higher level languages should be a required course not burdened by the baggage of C. And whether something is a "warning" or an "error" is outside the scope of the programming language itself and into the build process which would allow completion in the face of warnings.