Re: Re: SC-L-DIGEST V1 #9

[Brett Hutley <brett () hutley net>]

David A. Wheeler wrote:

*snip*
An alternative to accrediting individuals would be to REMOVE the 
acceditation from CS and SE universities/colleges who fail to teach 
how to develop secure software. Nobody is going to write their own 
quicksort anymore, a topic they all cover ad nauseum.  Yet every 
developer WILL be writing a program that connects to an intranet or 
Internet, and those graduates' understanding of secure software 
development may determine if we live another day.  Our lives are in 
their hands,

*snip*

The difference in complexity between writing a quicksort routine and
building a network server/client is many orders of magnitude.

A quicksort routine might take a few pages in a textbook. I recommend
anyone that wants to learn network programming *start* with Steven's
books "Unix Network Programming" & "TCP/IP Illustraded" series, then
move on to maybe Snader's "Effective TCP/IP Programming".

To write a decent threaded *real world* network server is still
non-trivial in C or C++.  With toolkits like ACE it is easier to create
the server, but there is still a huge learning curve.

--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:[EMAIL PROTECTED]
http://hutley.net/brett