Where Does Secure Coding Belong In the Curriculum?

[list-spam at secureconsulting.net (Benjamin Tomhave)]

Wall, Kevin wrote:
> I don't mean to split hairs here, but I think "fundamental concept"
> vs "intermediate-to-advanced concept" is a red herring. In your case
> of you teaching a 1 yr old toddler, "NO" is about the only thing
> they understand at this point. That doesn't imply that concepts like
> "street" are intermediate-to-advanced. It's all a matter of perspective.
> If you are talking to someone with a Ph.D. in physics about partial
> differential equations, PDEs *are* a fundamental concept at that level
> (and much earlier in fact). The point is, not to argue semantics, but
> rather to teach LEVEL-APPROPRIATE concepts.
I think you do mean to split hairs, and I think you're right to do so.
Context is very important. For example, all this talk about where to fit
secure coding into the curriculum is great, but it also ignores the very
large population of self-taught coders out there, as well as those who
learn their craft in a setting other than a college or university. Ergo,
it still seems like we're talking at ends about an issue that, while
important, is still only at best a partial solution.

-ben

-- 
Benjamin Tomhave, MS, CISSP
falcon at secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
Photos: http://photos.secureconsulting.net/
Web: http://falcon.secureconsulting.net/
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
Fitts' Law: "The time to acquire a target is a function of the distance
to and the size of the target."
http://globalnerdy.com/2007/07/18/laws-of-software-development/