Andy Steingruebl wrote:
> I think our real question isn't just how to reach the "professional"
> programmer trained via formal training programs, but also how to reach
> the "amateur" programmer trained via books, trial+error, etc.

One area here is making sure examples are done correctly. The database
examples that connected to an MS SQL server with userid=SA;password=""
used to drive me crazy. "The sample code does it that way so I better do
it that way." It makes for more complicated sample code but it may be
the only way to reach these self taught folks.

Mike Lyman

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to