While part of me agrees with that in principle, I am not so sure in practice. I have found many of the students I have struggle with just getting the basic structures down, not anything fancy.
The class is not taught at an elite university, but more "for the masses" though, but isn't that who really needs to be targeted? While the elite definitely need to understand the importance of development security and how to do it, so do the masses. The latter are going to be much harder to reach.
It is kind of like general computer user security. The power users need to know the subject, but so do the occasional users. Most programmers are not power users in the programming field, unfortunately or not.
-- Brad Andrews RBA Communications CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI Quoting Stephan Neuhaus <stephan.neuh...@disi.unitn.it>:
I maintain that when someone is intellectually mature enough so that you can teach them how to program and at the same time really know what they're doing, you can teach them about correctness and security too.
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________