--- On Tue, 9/29/09, Rich Kulawiec <[email protected]> wrote:

> To confront the enemy, it's necessary to know the enemy --
> and the enemy's strategies and tactics.  Refusing to learn
> these guarantees defeat.

I'm with Rich (yes, and very few others) on this one.  This is imho an issue 
best addressed with a balance of openness and paranoia - as Dave suggests in 
his response, classes should be held in clean labs (no connectivity/removable 
media) - but we lose more than we gain by not expanding understanding of the 
mechanics involved with malware.

The risk in following this path is directly related to the statistical badness 
of the people who are exposed to the curriculum.  If you believe that a notable 
percentage of folks would be likely to take the lessons and go write new 
malware then the risk would be high, if you believe the opposite then the risk 
would be low.

I think those who are seeking this information are finding it already, and 
those who are not would not misuse it (much like the drug abuse issue).

It is also quite possible that a very good argument could be made that teaching 
programmers how to write malware could be the #1 way to get them to write 
secure applications.

-chris


      

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
