Secure Coding mailing list archives
Where Does Secure Coding Belong In the Curriculum?
From: goertzel_karen at bah.com (Goertzel, Karen [USA])
Date: Tue, 25 Aug 2009 13:40:04 -0400
We teach toddlers from the time they can walk that they shouldn't play in traffic. A year or two later, we teach them to look both ways before crossing the street. Even later - usually when they're approaching their teens, and can deal with "grim reality", we give examples that illustrate exactly WHY they needed to know those things. But that doesn't mean we wait until the kids are 11 or 12 to tell them shouldn't play in traffic. There has to be some way to start introducing the idea even to the rawest of raw beginning programming students that "good" is much more desirable than "expedient", and then to introduce the various properties that collectively constitute "good" - including security. Karen Mercedes Goertzel, CISSP Associate 703.698.7454 goertzel_karen at bah.com ________________________________________ From: Andy Steingruebl [steingra at gmail.com] Sent: Tuesday, August 25, 2009 1:14 PM To: Goertzel, Karen [USA] Cc: Benjamin Tomhave; sc-l at securecoding.org Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum? On Tue, Aug 25, 2009 at 7:26 AM, Goertzel, Karen [USA]<goertzel_karen at bah.com> wrote:
For consistency's sake, I hope you agree that if security is an intermediate-to-advanced concept in software
development, then all the other "-ilities" ("goodness" properties, if you will), such as quality, reliability,
usability, safety, etc. that go beyond "just get the bloody thing to work" are also intermediate-to-advanced concepts.
In other words, teach the "goodness" properties to developers only after they've inculcated all the bad habits they
possibly can, and then, when they are out in the marketplace and never again incentivised to actually unlearn those
bad habits, TRY desperately to change their minds using nothing but F.U.D. and various other psychological means of
dubious effectiveness.
Seriously? We're going to teach kids in 5th grade who are just learning what an algorithm is how to protect against malicious inputs, how to make their application fast, handle all exception conditions, etc? ...
Current thread:
- Where Does Secure Coding Belong In the Curriculum?, (continued)
- Where Does Secure Coding Belong In the Curriculum? Andy Steingruebl (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Stephan Neuhaus (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Brad Andrews (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Stephan Neuhaus (Aug 25)
- Inherently Secure Code? Brad Andrews (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Pete Werner (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Andy Murren (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Andy Steingruebl (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Pravir Chandra (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Wall, Kevin (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Wall, Kevin (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 27)
- Message not available
- Where Does Secure Coding Belong In the Curriculum? Olin Sibert (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Kenneth Van Wyk (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 26)