On Thu, Sep 2, 2010 at 7:23 PM, Les Hughes <[email protected]> wrote:

[ ... ]

>
> Universities can always do more, but it is my belief that universities are
> academic institutions, not vocational ones (there is overlap.. but for
> simplicity...). You are trained in 'Computer Science'/etc, not in
> 'programming'.

To a point I agree, but you're kind of saying that Universities shouldn't teach anything in particular at all; except for general problem solving skills. This is clearly wrong. Clearly there are things Unis should teach and, if the "thing" is core and relevant to the field, and important, it should be considered.

But I also agree with you. Like I replied to Sam, "sql injection" is nothing special; it's just "escaping" the context you are in, and being in a new context, where you can execute commands that cause harm. Every single person who understands the difference between a comment and a line of code should appreciate this difference. It is trivial. There is no excuse. So, all your graduates should know this.

There are obviously areas that companies themselves can cover, and other areas that organisations can step up and offer training and make some money.

But I think, if we - as a programming/security community - decide that a given problem is *so important* that it needs to be addressed at this basic level, we should attempt to do so. Unis open themselves up to seminars from industry; RMIT has a bunch of them in all fields, I'm sure others do as well, so if all we need to do is put up a hand and say "Hey, we'd like to help some young programmers understand some real issues, interesting issues, from the real world", then let's do it, as opposed to sitting around sending pointless emails to each other on the matter.

> :) :)
> --
> Les Hughes
> [email protected]

--
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."
