Secure Coding mailing list archives
Where Does Secure Coding Belong In the Curriculum?
From: list-spam at secureconsulting.net (Benjamin Tomhave)
Date: Mon, 24 Aug 2009 17:35:35 -0700
Two quick comments in catching up on the thread...

First, security in the software development concept is at least an intermediate concept, if not advanced. Riffing on Brad's comments, it seems irrational to think that you can jump straight from structural basics with which many students struggle (OO anybody?) directly to concepts that bridge computer architecture, code structure, and various other problems.

Second, as long as "the right way" is not the same as "the easy way" then there will always be a disconnect. Perhaps this means that the language itself needs to require strong type checking that enforces appropriate secure coding behavior? Or maybe this is even enforced at the compiler level? (There have, of course, been problems with compilers, too, particularly in optimization mode.)

cheers,

-ben

Brad Andrews wrote:
But we are not talking about separate classes. The assertion (which I probably clipped, sorry) was that it should be woven into the curriculum. I was noting where and how to do so, starting in the intro level classes. Just telling a starting programmer to properly check input length is all well and good, but falls far short of making a secure programmer.

I have no doubt that you can teach some new developers the principles in a short time and make them more productive than those who have been programming longer term. They don't have to unlearn anything! But this will not work for everyone. Some will sit through a class with glazed eyes and no understanding. Also remember we will have to get outside those with a fairly high level of motivation (internal or external) for learning the material to be successful.

I also would like to see how you would teach secure development, with minimal extra time load, in a basic programming sequence, possibly even at a non-traditional or lower tier school. We won't make significant progress until we can do that, and it still leaves out the "self taught."
--
Benjamin Tomhave, MS, CISSP
falcon at secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
Moore's Law: "The number of transistors on an integrated circuit will double in about 18 months."
http://globalnerdy.com/2007/07/18/laws-of-software-development/