>What is wrong with this picture ?
I see both of you willing to mandate the teaching of C and yet not mandate the teaching of any of Ada, Pascal, PL/I etc.
This seems like the teaching of "making do".
You read more into my post than I wrote, as I did not mandate that the students must learn C/C++. They already know C/C++ by the time they take my course, but few have any exposure to the relevant security issues. It's important that a security class cover security issues with the languages that the students have already used in their curriculum, unless that's already covered elsewhere. How many people will change their programming language if they don't see what's wrong with the one they're currently using?
In summary, I teach the students the security issues (the "powers and failures of C" as Dana put it), not the language itself. I do offer an overview of the features of more secure languages that students haven't used, but I don't have time to teach a new language in my security class, which isn't a pure software security class.
As for teaching students languages, we traditionally taught software engineering in Ada at my university, though we've moved to mostly Java or Python since the term project was required to be a web-based system. Introductory classes are taught using Java, in part because the AP test is Java-based, while computer architecture and assembly is taught using assembly, and operating systems is taught using C/C++. Electives introduce other languages, of course. I like ocaml myself, but its use is restricted to restricted to certain electives.
-- James Walden, Ph.D. Visiting Assistant Professor of EECS The University of Toledo @ LCCC http://www.eecs.utoledo.edu/~jwalden/