re-writing college books - erm.. ahm...

[ge at linuxbox.org (Gadi Evron)]

On Sat, 28 Oct 2006, Crispin Cowan wrote:
> Gadi Evron wrote:
> > So, "dump C", "Use SML", "What secure coding classes are you doing?" and
> > "we are already doing it!!" are the responses I got when I started this
> > thread.
> >   
> What did you expect from whining about the generally poor quality of
> software? :)
>
> > Can someone mention again why re-writing the main often-used and probably
> > less than 3 mostly-used basic programming books is a bad idea?
> >   
> Uh ... 'cause I question the assertion that there are 3 mostly-used
> basic programming books. I suspect it is more like 78 mostly used books.
> More importantly, if there are 3 mostly used books, then there are 78
> more behind them vying for those 3 slots, and they all have the same
> problems. If you write a new book, then you just join the pool of 78,
> and you have the impact of a drop in the bucket.
>
> Worse, we are talking about correctness here. Correctness is hard, and
> correctness on a large scale is harder. I doubt that even a concerted
> effort at a "correct" book on intro to programming would manage to
> actually be correct any time before the 3rd edition, 10 years from now.
>
> Seeking perfect correctness as an approach to security is a fool's
> errand. Security is designing systems that can tolerate imperfect software.

For argument sake, let's assume there are 100.

How about campaigning for a secure coding chapter to be added to these
semester, erm, world-wide?

Nothing is ever easy, but we have to start somewhere. I don't see why this
is a bad idea. Yes, it takes time. Yes, it will have a much bigger impact.

        Gadi.

> Crispin
>
> -- 
> Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
> Director of Software Engineering, Novell  http://novell.com
>      Hack: adroit engineering solution to an unanticipated problem
>      Hacker: one who is adroit at pounding round pegs into square holes