At 8:10 PM -0400 6/29/04, James Walden wrote:

>While there are non-university classes and workshops that teach software security, I 
>doubt that a majority of developers have attended even one such class.  Software 
>security has to be integrated into the CS curriculum before we can expect a majority 
>of developers to have the appropriate skills, and then there will still be the issue 
>of applying them under deadline pressure.
>That said, I agree with most of the article.  We can't wait for years to software 
>security to become a standard part of the curriculum, and most of his suggestions, 
>such as turning C compiler warnings into errors, are good ideas no matter what the 
>current status of security education.  I also second his enthusiasm for perl's taint 

Teaching students how to avoid problems in C should be a separate (optional)

Dealing with issues that have _not_ been solved in higher level languages
should be a required course not burdened by the baggage of C.

And whether something is a "warning" or an "error" is outside the scope
of the programming language itself and into the build process which would
allow completion in the face of warnings.

Reply via email to