Secure Coding mailing list archives

re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

From: cew at ACM.ORG (Craig E. Ward)
Date: Fri, 13 Oct 2006 17:32:59 -0700

At 9:02 PM +1000 10/13/06, mikeiscool wrote:

On 10/13/06, Craig E. Ward <cew at acm.org> wrote:

At 10:03 AM -0400 10/12/06, ljknews wrote:

At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:

  I'm also teaching a course at CMU in the spring on Secure Coding in C
  and C++.


Is there participation on this list from the (hopefully larger number of)
CMU instructors who are teaching people to use safer languages in the first
place ?
--
Larry Kilgallen



I don't think saying "use safer languages" is a good way to say it.
It would help conditions significantly if greater care were taken to
match the choice of programming language to the problem to be solved
or application to be created. If a language like C is most
appropriate, then use it, just be sure to take the extra steps needed
to develop it securely.

The problem is so much the programming languages as it is the way
they are used.


Well, programming languages can go a long way to helping solve the
problem, and it can be reasonably grey as to where to use what. Should
I use php or ror? or python? or c#? I'd say there is a very
appropriate and open space for nice "secure" languages to live and
develop.


I think that's what I was trying to say. The last sentence of my note 
has an error. I meant to write "The problem is not so much the 
programming languages as it is the way they are used."

Sorry for the bad proof reading.

Also, in the IEEE Software July/August 2006 issue in the "Tools of 
the Trade" department, Diomidis Spinellis discusses several factors 
to consider when selecting a programming language for a particular 
project. Those plus security make for some reasonable criteria to use.

Craig
-- 
Internet: cew at ACM.ORG
"If a program has not been specified, it cannot be incorrect; it can 
only be surprising." (Young, Boebert, and Kain)

Current thread:

re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Gary McGraw (Oct 11)
- re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Gadi Evron (Oct 11)
  - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Robert C. Seacord (Oct 12)
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] ljknews (Oct 12)
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Craig E. Ward (Oct 12)
    - Message not available
    - Message not available
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] mikeiscool (Oct 13)
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Craig E. Ward (Oct 13)
    - Message not available
    - Message not available
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] James Walden (Oct 13)
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] ljknews (Oct 17)
    - Message not available
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Gergely Buday (Oct 18)
    - re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet] Crispin Cowan (Oct 24)
    - re-writing college books - erm.. ahm... Gadi Evron (Oct 27)
    - re-writing college books - erm.. ahm... Crispin Cowan (Oct 28)
    - re-writing college books - erm.. ahm... Gadi Evron (Oct 28)
    - re-writing college books - erm.. ahm... Crispin Cowan (Oct 28)
    - re-writing college books - erm.. ahm... Gadi Evron (Oct 29)
    - re-writing college books - erm.. ahm... Robert C. Seacord (Oct 29)

(Thread continues...)