On Sun, 29 Oct 2006, Robert C. Seacord wrote:

> Gadi,
>
> I feel like I've been here before, but I'll give it another shot anyway.
>
> > Okay, then let's make some progress:
> > 1. Where and who is currently involved with doing this?
> > 2. What are they doing?
> > 3. Can we use their experience to make it a larger success?
> > 4. How do we begin doing something large-scale?
>
> The Secure Coding Initiative at CERT has a web site at
> www.securecoding.cert.org. The purpose of this site is to collect
> secure coding recommendations and rules for various programming
> languages. Our initial focus has been C and C++, but we are willing and
> interested in expanding this effort to other programming languages
> provided that we can find someone to manage the efforts.
>
> The C and C++ material on the site will be used as supplemental material
> to the Addison-Wesley book "Secure Coding in C and C++" in a "Secure
> Programming" course I am teaching this Spring at CMU (so it is being
> used to teach, as well as being a commercial and government resource).
> I am also working with other instructors at other educational
> institutions to develop secure coding curriculum.

We misunderstand each other. I am not speaking of a secure coding book, I am speaking of "Introduction to Computer Science" and "The C programming Language". If we can use what you have already worked on to supplement these courses, then all for the better!

>
> We have had significant community effort in the development of these
> secure coding standard practices so far, but we can use all the help we
> can get. If you would like to get involved, go to the site, sign up, and
> start reviewing the material. If you are qualified and would like to
> edit the material directly, send me email and I will grant you edit
> permissions.

I doubt I am that much of a good coder anymore.

>
> I think having a body of knowledge that identifies insecure coding
> practices and provides secure alternatives is a good first start, and
> not as easy as it sounds.

Agreed! Nice work on all that!

>
> ---------
>
> I also had another thought about improving the quality of code examples
> in texts. I know my publisher (Addison-Wesley), and I'm sure others,
> are very concerned about quality. I could ask my editor if they would
> be willing to make sure that someone with a security background reviewed
> any new programming texts. If we can come up with a list of subject
> matter experts willing to review new texts, I'm guessing they would be
> very happy to have our feedback.

That sounds like a very good idea! I am sure many would agree to get some extra cash for reviewing, thing is, that doesn't pay very well.

>
> rCs
>

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php