Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Where Does Secure Coding Belong In the Curriculum?

From: steingra at gmail.com (Andy Steingruebl)
Date: Tue, 25 Aug 2009 09:07:31 -0700
On Tue, Aug 25, 2009 at 4:09 AM, Stephan
Neuhaus<Stephan.Neuhaus at disi.unitn.it> wrote:


On Aug 25, 2009, at 02:35, Benjamin Tomhave wrote:


First, security in the software development concept is at least an
intermediate concept, if not advanced.


Not at all. That would be like saying that correctness is also an advanced
concept, because it gets in the way of coding. Security is about exploiting
assumptions (often hidden) that we make when we write and deploy software. I
see no reason why teaching to think about assumptions should be deferred.
You teach math students how to do proofs right from the beginning for
essentially the same reasons :-)


<Sarcasm>really?  First graders are learning to do math proofs instead
of basic addition?  I'm quite surprised by this.</Sarcasm>

We're missing I think the point I raised earlier.  Not everyone learns
to program in high school or college.  And, even learning the basics
of what an algorithm are is tricky, much less learning defensive
programming, etc.

So, yes, it is an "advanced" concept for the majority of beginning programmers.

-- 
Andy Steingruebl
steingra at gmail.com
Previous By Date Next
Previous By Thread Next

Current thread: