Secure Coding mailing list archives
market for training CISSPs how to code (Matt Parsons)
From: cew at ACM.ORG (Craig E. Ward)
Date: Thu, 18 Mar 2010 08:41:57 -0700
On Wed, Mar 17, 2010 at 6:17 PM, ljknews <ljknews at mac.com> wrote:
At 7:27 PM +0200 3/17/10, AK wrote:Regarding training non-developers to write secure code, what are ?the circumstances that a non-developer would create code that would *require* security? I am assuming that system administrators know the basics of their trade and scripting language of choice so security there is taken care ofScripting languages should not be used for security-sensitive programs.
That statement is so broad as to be nonsense. You might as well say, "Programming languages should not be used for security-sensitive programs." (I might go along with "Imperative programming languages should not be used for security-sensitive programs.") Every programming language has its own peculiar security issues and these need to be considered when choosing an implementation language. -- Internet: cew at ACM.ORG "If a program has not been specified, it cannot be incorrect; it can only be surprising." (Young, Boebert, and Kain)
Current thread:
- market for training CISSPs how to code (Matt Parsons) AK (Mar 17)
- market for training CISSPs how to code (Matt Parsons) ljknews (Mar 17)
- market for training CISSPs how to code (Matt Parsons) Stephan Neuhaus (Mar 18)
- Message not available
- market for training CISSPs how to code (Matt Parsons) Craig E. Ward (Mar 18)
- market for training CISSPs how to code (Matt Parsons) ljknews (Mar 17)