Secure Coding mailing list archives

Re: Education and security -- another perspective (was "ACM Queue - Content")


From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 08 Jul 2004 21:29:34 +0100


Fernando Schapachnik wrote:

I smell a discussion going nowhere. What is the point of teaching a language?
Teach them to program in a paradigm (better, in all of them, and give them the
tools to make educated choices about which is better for each context), and
choose any language as an *example* of the paradigm.


Ah... but beyond design problems, aren't most security problems 
language-specific abuses and bugs?  I'm thinking things like "I didn't 
realize it would let me mix signed and unsigned... I didn't realize it 
would let me write off the end of the buffer... I didn't realize I had 
to escape or filter certain characters...."


                                        BB





