Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-12 Thread Gadi Evron
On Wed, 11 Oct 2006, Gary McGraw wrote: We're working on it! The problem is not simply a book. Great! What are you guys doing? What more can be done? There are quite a few of us willing to help, and I figure, starting with the books future programmers learn from is not a bad idea. This

Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-12 Thread Gary McGraw
We're working on it! The problem is not simply a book. gem -Original Message- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Wed Oct 11 20:58:12 2006 To: Kenneth Van Wyk Cc: Secure Coding Subject:[SC-L] re-writing college books [was: Re: A banner year for

Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-12 Thread mikeiscool
On 10/12/06, Gadi Evron [EMAIL PROTECTED] wrote: So, how can we edit current basic programming college books to present secure code, a couple of words of the correct way of doing things, and a whole new chapter on secure coding (which may be redundant?) How do we start? Some Whiley book

Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-12 Thread Robert C. Seacord
Gadi, I sort of agree with mic that the problem is poor programming. My last manager liked to pick up C text books at random and point out all the vulnerabilities in the code examples that are being used to teach the next generation of programmers (how to write vulnerabilities). This

[SC-L] Secure programming is NOT just good programming

2006-10-12 Thread David A. Wheeler
mikeiscool claimed: Secure programming is good programming. Most books teach good programming. I strongly disagree with you, on both counts. At the least, those who say they practice good programming practices, and books that say they teach good programming practices, are GROSSLY INADEQUATE

Re: [SC-L] Secure programming is NOT just good programming

2006-10-12 Thread Gary McGraw
I suppose now is as good a time as any to say that everything David is talking about here is described in great detail in the HOW TO book that I released last February. If you're reading this list, you really should read that book. It's called software security. Ken and I have trained

Re: [SC-L] Secure programming is NOT just good programming

2006-10-12 Thread Kenneth Van Wyk
On Oct 12, 2006, at 4:32 PM, Gary McGraw wrote: I suppose now is as good a time as any to say that everything David is talking about here is described in great detail in the HOW TO book that I released last February. If you're reading this list, you really should read that book. It's

Re: [SC-L] Secure programming is NOT just good programming

2006-10-12 Thread Leichter, Jerry
| The only way forward is by having the *computer* do this kind of | thing for us. The requirements of the task are very much like those | of low-level code optimization: We leave that to the compilers today, | because hardly anyone can do it well at all, much less competitively | with

Re: [SC-L] Secure programming is NOT just good programming

2006-10-12 Thread mikeiscool
On 10/13/06, David A. Wheeler [EMAIL PROTECTED] wrote: mikeiscool claimed: Secure programming is good programming. Most books teach good programming. I strongly disagree with you, on both counts. As is your right :) At the least, those who say they practice good programming practices,