Gadi Evron wrote: > So, "dump C", "Use SML", "What secure coding classes are you doing?" and > "we are already doing it!!" are the responses I got when I started this > thread. > What did you expect from whining about the generally poor quality of software? :)
> Can someone mention again why re-writing the main often-used and probably > less than 3 mostly-used basic programming books is a bad idea? > Uh ... 'cause I question the assertion that there are 3 mostly-used basic programming books. I suspect it is more like 78 mostly used books. More importantly, if there are 3 mostly used books, then there are 78 more behind them vying for those 3 slots, and they all have the same problems. If you write a new book, then you just join the pool of 78, and you have the impact of a drop in the bucket. Worse, we are talking about correctness here. Correctness is hard, and correctness on a large scale is harder. I doubt that even a concerted effort at a "correct" book on intro to programming would manage to actually be correct any time before the 3rd edition, 10 years from now. Seeking perfect correctness as an approach to security is a fool's errand. Security is designing systems that can tolerate imperfect software. Crispin -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering, Novell http://novell.com Hack: adroit engineering solution to an unanticipated problem Hacker: one who is adroit at pounding round pegs into square holes _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
