Secure Coding mailing list archives
Re: ACM Queue article and security education
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 30 Jun 2004 17:11:58 +0100
James Walden wrote:

> I'd like to open a discussion based on this quote from Marcus Ranum's ACM Queue article entitled "Security: The root of the problem":

Thanks. I also read Marcus's article with interest. Caveat: clearly, I have a biased outlook, since software security training is one of the things that I do for a living.

Overall, I like and agree with much of what Marcus said in the article. I don't, however, believe that we can count on completely putting security "below the radar" for developers. Having strong languages, compilers, and run-time environments that actively look out for and prevent common problems like buffer overruns are worthy goals, to be sure, but counting solely on them presumes that there are no security problems at the design, integration, or operations stages of the lifecycle. Even if the run-time environment that Marcus advocates is _perfect_ in its protection, these other issues are still problematic and require the developers and operations staff to understand the problems.