Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-06 Thread Crispin Cowan
der Mouse wrote: Care to explain what do you think a 'programming course' should have that is not covered in SE or CS courses (or curricula)? A computer scientist is a theoretician. A software engineer is a designer. A programmer is an implementer. A computer scientist can prove you can't, i

RE: [SC-L] Protecting users from their own actions

2004-07-06 Thread Wall, Kevin
In Ken van Wyk's cited article at http://www.esecurityplanet.com/views/article.php/3377201 he writes... > As I said above, user awareness training is a fine practice > that shouldn't be abandoned. Users are our first defense > against security problems, and they should certainly be > educa

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-06 Thread Dana Epp
Thanks Mark. As a correction to my book list (and a big apology to Michael Howard), that should say "Writing Secure Code". I should know better than to spew forth vile discussions on education and not proof read my own work. Never noticed it until your response. *sigh* Now, I just need to convi

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-06 Thread Mark Rockman
You are not nuts. Your course outline is a very substantial step in the right direction. - Original Message - From: "Dana Epp" <[EMAIL PROTECTED]> To: "Fernando Schapachnik" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, July 06, 2004 16:42 Subject: Re: [SC-L] Education and s

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-06 Thread Dana Epp
I'd be interested to hear what people think of the two approaches (separate security courses vs. spreading security all over the curricula). Regards. Fernando. Well, I have been asked to teach a new forth year course at the British Columbia Institute of Technology (BCIT) this fall on Secure Progra

[SC-L] Protecting users from their own actions

2004-07-06 Thread Kenneth R. van Wyk
Hi All, FYI... This topic has come up here a few times, so I thought that I'd send a pointer to my July eSecurityPlanet column (http://www.esecurityplanet.com/views/article.php/3377201 - free, no registration required). In the column, I take the seemingly unpopular view --at least in this gr

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-06 Thread Fernando Schapachnik
En un mensaje anterior, der Mouse escribió: > >>> I think over the past 40 years or so, as a discipline, we've failed > >>> rather miserably at teaching programming, period. > >> Right. But on the other hand, that's not surprising - [because > >> we've mostly not even _tried_ to teach programming,