Secure Coding mailing list archives
Re: Application Insecurity --- Who is at Fault?
From: "Julie JCH Ryan, D.Sc." <jjchryan () gwu edu>
Date: Fri, 08 Apr 2005 16:19:10 +0100
This is a little off topic, but I'm wondering if anyone would like to comment. One of our students posited that US computer science students have lost their edge because they haven't done well in the ACM programming challenge recently. He wrote, among other things, that: "Interesting factoids: The last US Champion was Harvey Mudd College in 1997. No North American school has won since 1999 when the Univ. of Waterloo took the prize. The first foreign school to win the competition since it started in 1977 was Univ. of Otago (New Zealand) in 1990. Since 1990, only 4 times has a US school won." [Ed. FYI, a summary of the ACM challenge and the overall results can be found at: http://www.tmcnet.com/usubmit/2005/Apr/1131800.htm KRvW] Other students chimed in on the argument positing that the programming challenge was an inaccurate measure of student programming capability because the contestant was not allowed to do research on the internet during the challenge. Another said the problem was that the challenge was too long and required contestants to have memorized too much. A professor (not me) weighed into the discussion and agreed, saying: "it could be that the contest is not a true representation of good programming! from what I understand it is heavily skewed towards math type problems." One other student posted this comment (reproduced accurately): "I do not have to be good in Programming guys! We outsource all of the programming jobs to oversee!!!!!!!!!!!!!!!!!!!!!!!!!!! So, why do we have to train well in programming any way? Good luck with our future scientists, and I think that included me!" So I'm wondering what all you folks out there in real world land think about this. This is particularly interesting to me because I just had a doctoral student come to me with an idea for dissertation research that included an hypothesis that organizations at SEI 1 were better able to estimate software development time and costs than organizations at SEI 5. He didn't seem to grasp the implications to quality, security, life cycle maintenance, etc.
Current thread:
- Re: Adding some unexpected reliability expectations, (continued)
- Re: Adding some unexpected reliability expectations Rob, grandpa of Ryan, Trevor, Devon & Hannah (Apr 13)
- Re: Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 13)
- Re: Re: Application Insecurity --- Who is at Fault? Dave Paris (Apr 13)
- Re: Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 14)
- Re: Re: Application Insecurity --- Who is at Fault? Dave Paris (Apr 14)
- Re: Re: Application Insecurity --- Who is at Fault? Damir Rajnovic (Apr 11)
- RE: Re: Application Insecurity --- Who is at Fault? Yousef Syed (Apr 11)
- Re: Application Insecurity --- Who is at Fault? Dave Paris (Apr 07)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 07)
- Re: Application Insecurity --- Who is at Fault? ljknews (Apr 07)
- Re: Application Insecurity --- Who is at Fault? Julie JCH Ryan, D.Sc. (Apr 08)
- Re: Application Insecurity --- Who is at Fault? Crispin Cowan (Apr 08)
- Re: Application Insecurity --- Who is at Fault? George Capehart (Apr 19)
- Re: [ot] Application Insecurity --- Who is at Fault? Pete Shanahan (Apr 10)
- Re: Application Insecurity --- Who is at Fault? secureCoding2dave (Apr 07)
- RE: Application Insecurity --- Who is at Fault? Yousef Syed (Apr 10)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Jeff Williams (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 06)