Keyboard Cowboy, Education is always a good thing. I think kids should have the opportunity to learn both sides of software security. Great suggestion.
Kids, by nature, are drawn to things that are taboo and demonized. Which hacking no doubt falls into, and according to Daniel, also Angelina Jolie. We can find great analogies to the "hacker kids problem" in recent studies done on teenage behaviors: The Bible Belt, particularly evangelicals in the south, have the highest rates of teen sex and pregnancy in the US. Telling kids to "abstain" clearly doesn't work as well as teaching them how things work, and in particular careful education surrounding the use of safety devices. To the exact point you made in your blog. We see the exact same statistics surrounding firearm safety and education (in the US, again). Children (and adults) exposed to firearm safety and education rarely fall into firearm-accident statistics. Studies indicate that it is the kids we hide things from, that want to pull the trigger to see what happens when they discover the [taboo]. In locations where children have open and honest instruction, and are provided with viable outlets for their firearms (say, condoms) we find discharge accident rates to be lower per-capita. Again - the same point your blog post was making. --- The Bad Peoples: None of this does anything to solve the "Bad People" hacking problem. That solution requires Guns or Religion, which is far off topic for this list. As Daniel pointed out - there's also a huge problem in webappsec with *poor people*. So, I think Daniel has some ideas for dealing with them too, but I, the reader, am not sure I understand what he is suggesting. When he comes back through the door maybe we'll learn more. Definitely an exciting subject! --- Arian Evans Solipsistic Software Security Sophist On Tue, Apr 13, 2010 at 6:33 AM, Daniel Herrera <daherrera...@yahoo.com>wrote: > DARE didn't stop youth drug use, > Sex Ed didn't stop teen pregnancy rates, > Why would your program stop/reduce script kiddies... j/k > > In all seriousness I think your perspective on the cost/benefit is really > skewed on this one. > > Attacks against US assets are a method of revenue generation in several > impoverished areas around the world. Places where the infrastructure would > have very little means to even begin implementing a program like you > described without serious financial aid. And once such a system was put in > place the financial drive would still push people to participate in this > behavior to feed their families, pay their rent, etc. > > In the end I would try to think about the drivers behind malicious behavior > a lot more closely. Sure there are examples were "hacking" has been > romanticized in the past within our society but not enough for some kid to > watch the movie "HACKERS" and then decide to go after his grandmothers > credit card because then he would get to date Angelina Jolie. (well other > than me) > > I wrote this on my way out the door so my point is in there some where but > probably should go through some back and forth to get cleared up let me know > if you, the reader, disagrees. > > Regards, > > > Daniel > > --- On *Mon, 4/12/10, Matt Parsons <mparsons1...@gmail.com>* wrote: > > > From: Matt Parsons <mparsons1...@gmail.com> > Subject: [WEB SECURITY] RE: How to stop hackers at the root cause > To: "'Matt Parsons'" <mparsons1...@gmail.com>, SC-L@securecoding.org > Cc: owaspdal...@utdallas.edu, "'Webappsec Group'" < > websecur...@webappsec.org>, webapp...@securityfocus.com > Date: Monday, April 12, 2010, 9:51 PM > > > I have published a blog post on how I think we could potentially stop > hackers in the next generation. Please let me know what you think of it or > if it has been done before. > > > > http://parsonsisconsulting.blogspot.com/ > > > > > > > > Matt Parsons, MSM, CISSP > > 315-559-3588 Blackberry > > 817-294-3789 Home office > > "Do Good and Fear No Man" > > Fort Worth, Texas > > A.K.A The Keyboard Cowboy > > mailto:mparsons1...@gmail.com<http://mc/compose?to=mparsons1...@gmail.com> > > http://www.parsonsisconsulting.com > > http://www.o2-ounceopen.com/o2-power-users/ > > http://www.linkedin.com/in/parsonsconsulting > > http://parsonsisconsulting.blogspot.com/ > > http://www.vimeo.com/8939668 > > > > [image: 0_0_0_0_250_281_csupload_6117291] > > > > [image: untitled] > > > > > > > > > > > > > > > > >
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
