On Aug 25, 2009, at 02:35, Benjamin Tomhave wrote:

First, security in the software development concept is at least an
intermediate concept, if not advanced.

Not at all. That would be like saying that correctness is also an advanced concept, because it gets in the way of coding. Security is about exploiting assumptions (often hidden) that we make when we write and deploy software. I see no reason why teaching to think about assumptions should be deferred. You teach math students how to do proofs right from the beginning for essentially the same reasons :-)

Perhaps this means that the
language itself needs to require strong type checking that enforce
appropriate secure coding behavior?

Unfortunately, security assumptions are rarely written down so I don't see how they can be enforced at the language or compiler level.


Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to