On 10/13/06, David A. Wheeler <[EMAIL PROTECTED]> wrote:
> mikeiscool claimed:
> > Secure programming is good programming.
> > Most books teach good programming.
>
> I strongly disagree with you, on both counts.
As is your right :)
> At the least, those who say they practice good programming
>
| > The only way forward is by having the *computer* do this kind of
| > thing for us. The requirements of the task are very much like those
| > of low-level code optimization: We leave that to the compilers today,
| > because hardly anyone can do it well at all, much less competitively
| > with
On Oct 12, 2006, at 4:32 PM, Gary McGraw wrote:
I suppose now is as good a time as any to say that everything David
is talking about here is described in great detail in the HOW TO
book that I released last February. If you're reading this list,
you really should read that book. It's call
At 3:19 PM -0400 10/12/06, Leichter, Jerry wrote:
> The only way forward is by having the *computer* do this kind of
> thing for us. The requirements of the task are very much like those
> of low-level code optimization: We leave that to the compilers today,
> because hardly anyone can do it wel
I suppose now is as good a time as any to say that everything David is talking
about here is described in great detail in the HOW TO book that I released last
February. If you're reading this list, you really should read that book.
It's called "software security".
Ken and I have trained t
| Here are some practices you should typically be doing
| if you're worried about security, and note that many are
| typically NOT considered "good programming"
| by the general community of software developers:
| * You need to identify your threats that you'll counter (as requirements)
| * Design
mikeiscool claimed:
> Secure programming is good programming.
> Most books teach good programming.
I strongly disagree with you, on both counts.
At the least, those who say they practice good programming
practices, and books that say they teach good programming
practices, are GROSSLY INADEQUATE f
At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:
> I'm also teaching a course at CMU in the spring on Secure Coding in C
> and C++.
Is there participation on this list from the (hopefully larger number of)
CMU instructors who are teaching people to use safer languages in the first
place ?
--
Gadi,
I sort of agree with mic that the problem is poor programming. My last
manager liked to pick up C text books at random and point out all the
vulnerabilities in the code examples that are being used to teach the
next generation of programmers (how to write vulnerabilities).
> This communit
On 10/12/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
> So, how can we edit current basic programming college books to present
> secure code, a couple of words of the correct way of doing things, and a
> whole new chapter on secure coding (which may be redundant?)
>
> How do we start?
>
> Some Whiley
We're working on it! The problem is not simply a book.
gem
-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Wed Oct 11 20:58:12 2006
To: Kenneth Van Wyk
Cc: Secure Coding
Subject: [SC-L] re-writing college books [was: Re: A banner year for
software
On Wed, 11 Oct 2006, Gary McGraw wrote:
> We're working on it! The problem is not simply a book.
Great! What are you guys doing? What more can be done? There are quite a
few of us willing to help, and I figure, starting with the books future
programmers learn from is not a bad idea.
This communi