I am sure some things could be put into a basic class, but the ideas are a bit deeper. Security at the "Hello World!" or Mortgage Calculator program level seems quite difficult.
I am not so sure. Granted, an entry-level programmer is going to be an expert, but they can be pretty effective. I have taught App Security classes where there were people with 20+ years of programming experience and people with 3 months of OJT programming experience. At the end of the two-day class they each had the exact same amount of App Security training.
The basic concepts of AAA and so on are not so hard to understand. My guess is it's much harder to start with Hello World, with no security, add layers and layers of stuff on top of that over the decades and then have to go back and question every single thing...
Someone who spent 20 years building cars with no brakes would have a different experience than someone who was taught from the get-go that all cars have brakes and here is how you design/build them.
-gunnar
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________