Secure Coding mailing list archives
re-writing college books - erm.. ahm...
From: ge at linuxbox.org (Gadi Evron)
Date: Mon, 30 Oct 2006 01:23:34 -0600 (CST)
On Sun, 29 Oct 2006, Robert C. Seacord wrote:
Gadi, I feel like I've been here before, but I'll give it another shot anyway.

Okay, then let's make some progress:
1. Where and who is currently involved with doing this?
2. What are they doing?
3. Can we use their experience to make it a larger success?
4. How do we begin doing something large-scale?

The Secure Coding Initiative at CERT has a web site at www.securecoding.cert.org. The purpose of this site is to collect secure coding recommendations and rules for various programming languages. Our initial focus has been C and C++, but we are willing and interested in expanding this effort to other programming languages provided that we can find someone to manage the efforts. The C and C++ material on the site will be used as supplemental material to the Addison-Wesley book "Secure Coding in C and C++" in a "Secure Programming" course I am teaching this Spring at CMU (so it is being used to teach, as well as being a commercial and government resource). I am also working with other instructors at other educational institutions to develop secure coding curriculum.
We misunderstand each other. I am not speaking of a secure coding book, I am speaking of "Introduction to Computer Science" and "The C programming Language". If we can use what you have already worked on to supplement these courses, then all for the better!
We have had significant community effort in the development of these secure coding standard practices so far, but we can use all the help we can get. If you would like to get involved, go to the site, sign up, and start reviewing the material. If you are qualified and would like to edit the material directly, send me email and I will grant you edit permissions.
I doubt I am that much of a good coder anymore.
I think having a body of knowledge that identifies insecure coding practices and provides secure alternatives is a good first start, and not as easy as it sounds.
Agreed! Nice work on all that!
---------
I also had another thought about improving the quality of code examples in texts. I know my publisher (Addison-Wesley), and I'm sure others, are very concerned about quality. I could ask my editor if they would be willing to make sure that someone with a security background reviewed any new programming texts. If we can come up with a list of subject matter experts willing to review new texts, I'm guessing they would be very happy to have our feedback.
That sounds like a very good idea! I am sure many would agree to get some extra cash for reviewing, thing is, that doesn't pay very well.
rCs