Tracy R Reed wrote:
> On Wed, Feb 16, 2005 at 04:49:41PM -0800, Neil Schneider spake thusly:
>> SAN FRANCISCO--Software companies are taking colleges to task for not
>> producing computer science graduates who know how to create secure
>> programs.
>
> Sure, blame it on the poor coders. It couldn't be management producing
> impossible or very difficult to secure specifications.
>
> "Email client must automatically execute downloaded attachments to ensure
> ease of use."

As someone who is currently in an IT program taught by some knowledgeable
Ph.Ds., security experts, and some real dumb-asses, I have to say it's both.
Software Engineers in general learn very little about security, and just learn
how to code and derive algorithms. Hell, many only learn how to code - which is
a very minor part of software engineering. Few classes teach anything about
security, and few instructors know enough about it to even begin to teach about
it. Some of those that do know the security side (I've had a few) simply can't
teach it due to the curriculum they are forced to cover.

This brings me to another topic that some on this list should be interested in.
My current instructor, Dr. Don Thomas (IIRC, Ph.D. in Plasma Physics, computer
programmer, licensed Indy car driver, some other stuff), teaches a class at
UCSD on hacking (yes, I said, and I mean, hacking). The class is split into two
halves, and each half tries to break into the other half's computers over a
network. They are putting the class in the next catalog. He says they charge
~$600 for the class, but have trouble getting very many students. If I have the
money next term, I will take it. It sounds like fun and he's one of the better
instructors I've had. He doesn't care about the assignments, he only cares if
the student actually learns (which is supposedly the point of going to school,
though you wouldn't know that from talking to any given school board or a Board
of Education at any level).
PGA
--
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list