Secure Coding mailing list archives
re-writing college books - erm.. ahm...
From: ge at linuxbox.org (Gadi Evron)
Date: Sat, 28 Oct 2006 07:17:29 -0500 (CDT)
On Sat, 28 Oct 2006, Crispin Cowan wrote:
> Gadi Evron wrote:
>> So, "dump C", "Use SML", "What secure coding classes are you doing?" and "we are already doing it!!" are the responses I got when I started this thread.
>
> What did you expect from whining about the generally poor quality of software? :)
>
>> Can someone mention again why re-writing the main often-used and probably less than 3 mostly-used basic programming books is a bad idea?
>
> Uh ... 'cause I question the assertion that there are 3 mostly-used basic programming books. I suspect it is more like 78 mostly used books. More importantly, if there are 3 mostly used books, then there are 78 more behind them vying for those 3 slots, and they all have the same problems. If you write a new book, then you just join the pool of 78, and you have the impact of a drop in the bucket.
>
> Worse, we are talking about correctness here. Correctness is hard, and correctness on a large scale is harder. I doubt that even a concerted effort at a "correct" book on intro to programming would manage to actually be correct any time before the 3rd edition, 10 years from now. Seeking perfect correctness as an approach to security is a fool's errand. Security is designing systems that can tolerate imperfect software.
For argument's sake, let's assume there are 100. How about campaigning for a secure coding chapter to be added to these semester, erm, world-wide? Nothing is ever easy, but we have to start somewhere. I don't see why this is a bad idea. Yes, it takes time. Yes, it will have a much bigger impact.

Gadi.
> Crispin
> --
> Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
> Director of Software Engineering, Novell http://novell.com
> Hack: adroit engineering solution to an unanticipated problem
> Hacker: one who is adroit at pounding round pegs into square holes