On Wed, Mar 17, 2010 at 6:17 PM, ljknews <ljkn...@mac.com> wrote: > At 7:27 PM +0200 3/17/10, AK wrote: > >> Regarding training non-developers to write secure code, what are the >> circumstances that a non-developer would create code that would >> *require* security? I am assuming that system administrators know the >> basics of their trade and scripting language of choice so security there >> is taken care of > > Scripting languages should not be used for security-sensitive > programs.
That statement is so broad as to be nonsense. You might as well say, "Programming languages should not be used for security-sensitive programs." (I might go along with "Imperative programming languages should not be used for security-sensitive programs.") Every programming language has its own peculiar security issues and these need to be considered when choosing an implementation language. -- Internet: c...@acm.org "If a program has not been specified, it cannot be incorrect; it can only be surprising." (Young, Boebert, and Kain) _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
