On Aug 25, 2009, at 17:25, Benjamin Tomhave wrote:
You cannot teach advanced grammar to a student with no language skills.
I have excellent language skills (after my gaffe with the word "student" on this very list, I should perhaps add "in my mother tongue"), but you still couldn't teach me grammar. I just don't get it. On the other hand, I have known people who couldn't hold write a short essay if it saved their lives, yet they were brilliant in taking sentences apart.
Similarly, to think you can teach secure coding to a student with no coding skills is follow.
I wouldn't teach "secure coding". I'd teach what Karen has termed "goodness properties" along with the other coding stuff like variables, loops and so on. Even if you teach total beginners, you will usually approach programming as a problem-solving exercise. But in order to solve an exercise, you must have at least some notion of what constitutes a valid solution. So even complete beginners have a notion of what it means for the program to produce the desired result. And from that basic understanding of correctness to "the program should not behave in any unexpected way, even when attacked" it is not that far.
Best, Stephan _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
