On Tue, Aug 25, 2009 at 4:09 AM, Stephan Neuhaus<stephan.neuh...@disi.unitn.it> wrote: > > On Aug 25, 2009, at 02:35, Benjamin Tomhave wrote: > >> First, security in the software development concept is at least an >> intermediate concept, if not advanced. > > Not at all. That would be like saying that correctness is also an advanced > concept, because it gets in the way of coding. Security is about exploiting > assumptions (often hidden) that we make when we write and deploy software. I > see no reason why teaching to think about assumptions should be deferred. > You teach math students how to do proofs right from the beginning for > essentially the same reasons :-)
<Sarcasm>really? First graders are learning to do math proofs instead of basic addition? I'm quite surprised by this.</Sarcasm> We're missing I think the point I raised earlier. Not everyone learns to program in high school or college. And, even learning the basics of what an algorithm are is tricky, much less learning defensive programming, etc. So, yes, it is an "advanced" concept for the majority of beginning programmers. -- Andy Steingruebl stein...@gmail.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
