On Sat, 28 Oct 2006, Crispin Cowan wrote:
> Gadi Evron wrote:
> > So, "dump C", "Use SML", "What secure coding classes are you doing?" and
> > "we are already doing it!!" are the responses I got when I started this
> > thread.
> >
> What did you expect from whining about the generally poor quality of
> software? :)
>
> > Can someone mention again why re-writing the main often-used and probably
> > less than 3 mostly-used basic programming books is a bad idea?
> >
> Uh ... 'cause I question the assertion that there are 3 mostly-used
> basic programming books. I suspect it is more like 78 mostly used books.
> More importantly, if there are 3 mostly used books, then there are 78
> more behind them vying for those 3 slots, and they all have the same
> problems. If you write a new book, then you just join the pool of 78,
> and you have the impact of a drop in the bucket.
>
> Worse, we are talking about correctness here. Correctness is hard, and
> correctness on a large scale is harder. I doubt that even a concerted
> effort at a "correct" book on intro to programming would manage to
> actually be correct any time before the 3rd edition, 10 years from now.
>
> Seeking perfect correctness as an approach to security is a fool's
> errand. Security is designing systems that can tolerate imperfect software.

For argument's sake, let's assume there are 100. How about campaigning for
a secure coding chapter to be added to these semester, erm, world-wide?

Nothing is ever easy, but we have to start somewhere. I don't see why this
is a bad idea. Yes, it takes time. Yes, it will have a much bigger impact.

Gadi.

>
> Crispin
>
> --
> Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
> Director of Software Engineering, Novell  http://novell.com
> Hack: adroit engineering solution to an unanticipated problem
> Hacker: one who is adroit at pounding round pegs into square holes
>
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php