Where Does Secure Coding Belong In the Curriculum?

[goertzel_karen at bah.com (Goertzel, Karen [USA])]

Your Picasso - or, perhaps, Frank Lloyd Wright would be a better analogy - definitely has a role in software 
development.  I want his creativity up front in the specification and high-level design of the building (the software 
system). But when it comes to detailed design and testing, I'm going to call in the engineers, and when it comes to 
coding, no-one does it better than skilled construction workers who have mastered the use of hammers, saws, adzes, etc. 

So yes - the coders are craftsmen. But the problem is that in software development, the roles are seldom so clearcut, 
especially not in Agile development. So one does find far too many craftsmen attempting the engineers' and architects' 
jobs without anything like the necessary training and certification of their competence to perform those functions.

Or maybe, if we accept the "software development as an art" analogy, our problem is we have way too many architects 
trying to code successfully.

Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_karen at bah.com
________________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Jim Manico [jim at manico.net]
Sent: Tuesday, August 25, 2009 11:17 PM
To: Benjamin Tomhave
Cc: sc-l at securecoding.org
Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

> I again come back to James McGovern's suggestion, which is treating
coding as an art rather than a science

Keep your Picasso out of my coding shop, world of discrete mathematics and predicate logic! I don't care how cheap his 
hourly is. :)

I'd prefer to think of coders as craftsman; we certainly are not artists, scientists or engineers. ;) And craftsman are 
bound by the laws of mathematics and the sponsors who pay us, artists have no bounds.

- Jim