On Tue, Aug 25, 2009 at 7:26 AM, Goertzel, Karen
[USA]<goertzel_ka...@bah.com> wrote:
> For consistency's sake, I hope you agree that if security is an 
> intermediate-to-advanced concept in software development, then all the other 
> "-ilities" ("goodness" properties, if you will), such as quality, 
> reliability, usability, safety, etc. that go beyond "just get the bloody 
> thing to work" are also intermediate-to-advanced concepts.
>
> In other words, teach the "goodness" properties to developers only after 
> they've inculcated all the bad habits they possibly can, and then, when they 
> are out in the marketplace and never again incentivised to actually unlearn 
> those bad habits, TRY desperately to change their minds using nothing but 
> F.U.D. and various other psychological means of dubious effectiveness.

Seriously?  We're going to teach kids in 5th grade who are just
learning what an algorithm is how to protect against malicious inputs,
how to make their application fast, handle all exception conditions,
etc?

Maybe we're still having that pupil/student discussion?

In engineering disciplines we split courses into different areas of
concern but still make everyone take all of the classes whether they
are beginner or advanced.  Or, physics for example.  Or maybe
something like music lessons?  Maybe we should teach all kids about
vibrato and complex rhythms from day-1, or maybe before they have even
picked up an instrument we should make them study music theory?

I'm just having a hard time understanding why we're trying to invent
this from scratch when plenty of other disciplines, how people learn
other skills, etc. all start from basics and then get more advanced.

-- 
Andy Steingruebl
stein...@gmail.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
