Secure Coding mailing list archives

Re: Education and security -- another perspective (was "ACM Queue - Content")


From: James Walden <jwalden () eecs utoledo edu>
Date: Thu, 08 Jul 2004 17:18:13 +0100


ljknews wrote:

> What is wrong with this picture?
>
> I see both of you willing to mandate the teaching of C and yet not
> mandate the teaching of any of Ada, Pascal, PL/I etc.
>
> This seems like the teaching of "making do".


You read more into my post than I wrote, as I did not mandate that the students 
must learn C/C++.  They already know C/C++ by the time they take my course, but 
few have any exposure to the relevant security issues.  It's important that a 
security class cover security issues with the languages that the students have 
already used in their curriculum, unless that's already covered elsewhere.  How 
many people will change their programming language if they don't see what's 
wrong with the one they're currently using?


In summary, I teach the students the security issues (the "powers and failures 
of C" as Dana put it), not the language itself.  I do offer an overview of the 
features of more secure languages that students haven't used, but I don't have 
time to teach a new language in my security class, which isn't a pure software 
security class.


As for teaching students languages, we traditionally taught software 
engineering in Ada at my university, though we've moved to mostly Java or 
Python since the term project was required to be a web-based system. 
Introductory classes are taught using Java, in part because the AP test is 
Java-based, while computer architecture and assembly is taught using assembly, 
and operating systems is taught using C/C++.  Electives introduce other 
languages, of course.  I like OCaml myself, but its use is restricted to 
certain electives.


--
James Walden, Ph.D.
Visiting Assistant Professor of EECS
The University of Toledo @ LCCC
http://www.eecs.utoledo.edu/~jwalden/





