OK, do you really think the folks who pay our bills even understand the difference between art and craftsmanship? Imagine me building a house out of 2x2 because I can save money on the 2x4s. If I can entertain (manage perception) the clients such that they won't look (aka CIO) and can distract the rogue inspector with some other finding (you always have to let them find something) then I can frame your home and sheetrock it before you even notice. We are not craftsmen nor are customers willing to pay for it. For the last 30 or so years, they have been taking our output regardless of quality and using it. They are more happy with disclaimers and the appearance of goodness than actual goodness. Enterprises might be happier with a secure coding process that creates the appearance of security than the actual heavy lifting of writing secure code. We live in a world where everyone desires process to be a substitute for competence.
________________________________
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On Behalf Of Jim Manico
Sent: Tuesday, August 25, 2009 11:17 PM
To: Benjamin Tomhave
Cc: sc-l@securecoding.org
Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

> I again come back to James McGovern's suggestion, which is treating coding as an art rather than a science

Keep your Picasso out of my coding shop, world of discrete mathematics and predicate logic! I don't care how cheap his hourly is. :)

I'd prefer to think of coders as craftsmen; we certainly are not artists, scientists or engineers. ;) And craftsmen are bound by the laws of mathematics and the sponsors who pay us, artists have no bounds.

- Jim

On Aug 25, 2009, at 11:35 AM, Benjamin Tomhave <list-s...@secureconsulting.net> wrote:

I again come back to James McGovern's suggestion, which is treating coding as an art rather than a science
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________