On Aug 25, 2009, at 02:35, Benjamin Tomhave wrote:
> First, security in the software development concept is at least an intermediate concept, if not advanced.
Not at all. That would be like saying that correctness is also an advanced concept, because it gets in the way of coding. Security is about exploiting assumptions (often hidden) that we make when we write and deploy software. I see no reason why teaching to think about assumptions should be deferred. You teach math students how to do proofs right from the beginning for essentially the same reasons :-)
> Perhaps this means that the language itself needs to require strong type checking that enforces appropriate secure coding behavior?
Unfortunately, security assumptions are rarely written down so I don't see how they can be enforced at the language or compiler level.
Best,
Stephan
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________