On Aug 21, 2009, at 17:51, Brad Andrews wrote:
Has anyone who holds to this taught a beginning level programming class?
I have. I taught a security class to undergrads. It was easier than I thought, at least the basics were. I got them excited by a "let's try to break things" attitude. They wrote buffer overflow exploits (using freely available shellcode), they cracked linear congruential PRNGs, they subverted insecure protocols. As far as I can tell, they had a good time, since I had the highest retention rate for optional courses in that year: 40 signed up for the course and 39 took the final exam.
Once they understood that the right mind-set is not "oh come on, what can possibly go wrong?" but "okay, let's see what *can* go wrong", they were on their way.
Stephan _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
