[SC-L] Where Does Secure Coding Belong In the Curriculum?
Brad Andrews
andrews at rbacomm.com
Tue Aug 25 16:27:33 EDT 2009
While part of me agrees with that in principle, I am not so sure in
practice. I have found many of the students I have struggle with just
getting the basic structures down, not anything fancy.
The class is not taught at an elite university, but more "for the
masses" though, but isn't that who really needs to be targeted? While
the elite definitely need to understand the importance of development
security and how to do it, so do the masses. The latter are going to
be much harder to reach.
It is kind of like general computer user security. The power users
need to know the subject, but so do the occasional users. Most
programmers are not power users in the programming field,
unfortunately or not.
--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
Quoting Stephan Neuhaus <Stephan.Neuhaus at disi.unitn.it>:
> I maintain that when someone is intellectually mature
> enough so that you can teach them how to program and at the same time
> really know what they're doing, you can teach them about correctness
> and security too.
More information about the SC-L
mailing list