Secure Coding mailing list archives

Where Does Secure Coding Belong In the Curriculum?


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Wed, 26 Aug 2009 11:46:42 -0400

OK, do you really think the folks who pay our bills even understand the
difference between art and craftsmanship? Imagine me building a house out
of 2x2 because I can save money on the 2x4s. If I can entertain (manage
perception) the clients such that they won't look (aka CIO) and can
distract the rogue inspector with some other finding (you always have to
let them find something) then I can frame your home and sheetrock it
before you even notice.
 
We are not craftsmen nor are customers willing to pay for it. For the
last 30 or so years, they have been taking our output regardless of
quality and using it. They are more happy with disclaimers and the
appearance of goodness than actual goodness. Enterprises might be
happier with a secure coding process that creates the appearance of
security than the actual heavy lifting of writing secure code. We live
in a world where everyone desires process to be a substitute for
competence.

________________________________

From: sc-l-bounces at securecoding.org
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Jim Manico
Sent: Tuesday, August 25, 2009 11:17 PM
To: Benjamin Tomhave
Cc: sc-l at securecoding.org
Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?


I again come back to James McGovern's suggestion, which is treating
coding as an art rather than a science


Keep your Picasso out of my coding shop, world of discrete mathematics
and predicate logic! I don't care how cheap his hourly is. :)


I'd prefer to think of coders as craftsmen; we certainly are not
artists, scientists or engineers. ;) And craftsmen are bound by the laws
of mathematics and the sponsors who pay us, artists have no bounds.

- Jim

On Aug 25, 2009, at 11:35 AM, Benjamin Tomhave
<list-spam at secureconsulting.net> wrote:



        I again come back to James McGovern's suggestion, which is treating
        coding as an art rather than a science
