Secure Coding mailing list archives
Where Does Secure Coding Belong In the Curriculum?
From: steingra at gmail.com (Andy Steingruebl)
Date: Tue, 25 Aug 2009 10:14:41 -0700
On Tue, Aug 25, 2009 at 7:26 AM, Goertzel, Karen [USA]<goertzel_karen at bah.com> wrote:
For consistency's sake, I hope you agree that if security is an intermediate-to-advanced concept in software development, then all the other "-ilities" ("goodness" properties, if you will), such as quality, reliability, usability, safety, etc. that go beyond "just get the bloody thing to work" are also intermediate-to-advanced concepts. In other words, teach the "goodness" properties to developers only after they've inculcated all the bad habits they possibly can, and then, when they are out in the marketplace and never again incentivised to actually unlearn those bad habits, TRY desperately to change their minds using nothing but F.U.D. and various other psychological means of dubious effectiveness.
Seriously? We're going to teach kids in 5th grade who are just learning what an algorithm is how to protect against malicious inputs, how to make their application fast, handle all exception conditions, etc? Maybe we're still having that pupil/student discussion? In engineering disciplines we split courses into different areas of concern but still make everyone take all of the classes whether they are beginner or advanced. Or, physics for example. Or maybe something like music lessons? Maybe we should teach all kids about vibrato and complex rhythms from day-1, or maybe before they have even picked up an instrument we should make them study music theory? I'm just having a hard time understanding why we're trying to invent this from scratch when plenty of other disciplines, how people learn other skills, etc. all start from basics and then get more advanced. -- Andy Steingruebl steingra at gmail.com
Current thread:
- Where Does Secure Coding Belong In the Curriculum?, (continued)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Andy Steingruebl (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Stephan Neuhaus (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Brad Andrews (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Stephan Neuhaus (Aug 25)
- Inherently Secure Code? Brad Andrews (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Pete Werner (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Andy Murren (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Andy Steingruebl (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Pravir Chandra (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Goertzel, Karen [USA] (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Wall, Kevin (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Benjamin Tomhave (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? Wall, Kevin (Aug 26)
- Where Does Secure Coding Belong In the Curriculum? McGovern, James F (HTSC, IT) (Aug 27)
- Message not available
- Where Does Secure Coding Belong In the Curriculum? Olin Sibert (Aug 25)
- Where Does Secure Coding Belong In the Curriculum? Kenneth Van Wyk (Aug 26)