Secure Coding mailing list archives
SANS List etc..
From: shouvik at electrosoft-inc.com (Shouvik Bardhan)
Date: Thu, 15 Jan 2009 09:08:45 -0500
Guys, I am new to the App Security area, so Stupid Comments Alert firstly. Many thanks for the insights that I get from the discussions on this board. I have been doing design/development for nearly 25 years now and it is interesting and frightening how I hardly ever actively think (thought) while coding about Security - I know, I know!! So a few questions and comments from a newbie in the field:

a) Why is the meaning of input validation/output encoding so passionately contested? Is the subject not well understood? Are the remedies not well known? Is there a need to define the validation/protection in a more formal manner?

b) I kind of like the OWASP T10, OWASP ASVS, OWASP Testing Guide and now the SANS 25. To me, App Security is a new field for many of us, and if some smart folks get together and create "Things to consider" type lists - isn't it a good thing? When DHS tells me to keep 7 days of water/food, flashlights/batteries and a transistor radio, I think "well, this may or may not be enough, but fairly smart people have come up with a list and I had better take note of that."

c) I am trying to understand why Gary said that teaching secure programming at University level is not a good idea. Maybe not as a CS102 and CS202 class - there, guys just need to be able to understand how to write code. But why is it not a good idea to teach secure programming in an MS curriculum?

Thanks again.

-Shouvik
Current thread:
- SANS List etc.. Shouvik Bardhan (Jan 15)
- SANS List etc.. Gary McGraw (Jan 15)
- SANS List etc.. Matt Bishop (Jan 15)
- SANS List etc.. Gary McGraw (Jan 15)
- SANS List etc.. Matt Bishop (Jan 15)
- SANS List etc.. Gary McGraw (Jan 15)