For consistency's sake, I hope you agree that if security is an
intermediate-to-advanced concept in software development, then all the other
"-ilities" ("goodness" properties, if you will), such as quality, reliability,
usability, safety, etc. that go beyond "just get the bloody thing to work" are
also intermediate-to-advanced concepts.
In other words, teach the "goodness" properties to developers only after
they've inculcated all the bad habits they possibly can, and then, when they
are out in the marketplace and never again incentivised to actually unlearn
those bad habits, TRY desperately to change their minds using nothing but
F.U.D. and various other psychological means of dubious effectiveness.
Great strategy! Our hacker friends will love it.
Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_ka...@bah.com
________________________________________
From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] On Behalf
Of Benjamin Tomhave [list-s...@secureconsulting.net]
Sent: Monday, August 24, 2009 8:35 PM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?
Two quick comments in catching up on the thread...
First, security in the software development concept is at least an
intermediate concept, if not advanced....
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
