Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-13 Thread Craig E. Ward
At 10:03 AM -0400 10/12/06, ljknews wrote:
At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:

  I'm also teaching a course at CMU in the spring on Secure Coding in C
  and C++.

Is there participation on this list from the (hopefully larger number of)
CMU instructors who are teaching people to use safer languages in the first
place ?
--
Larry Kilgallen


I don't think saying use safer languages is a good way to say it. 
It would help conditions significantly if greater care were taken to 
match the choice of programming language to the problem to be solved 
or application to be created. If a language like C is most 
appropriate, then use it, just be sure to take the extra steps needed 
to develop it securely.

The problem is so much the programming languages as it is the way 
they are used.

Craig
-- 
Internet: [EMAIL PROTECTED]
If a program has not been specified, it cannot be incorrect; it can 
only be surprising. (Young, Boebert, and Kain)
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php


Re: [SC-L] re-writing college books [was: Re: A banner year for software bugs | Tech News on ZDNet]

2006-10-15 Thread Craig E. Ward
At 9:02 PM +1000 10/13/06, mikeiscool wrote:
On 10/13/06, Craig E. Ward [EMAIL PROTECTED] wrote:
At 10:03 AM -0400 10/12/06, ljknews wrote:
At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:

   I'm also teaching a course at CMU in the spring on Secure Coding in C
   and C++.

Is there participation on this list from the (hopefully larger number of)
CMU instructors who are teaching people to use safer languages in the first
place ?
--
Larry Kilgallen


I don't think saying use safer languages is a good way to say it.
It would help conditions significantly if greater care were taken to
match the choice of programming language to the problem to be solved
or application to be created. If a language like C is most
appropriate, then use it, just be sure to take the extra steps needed
to develop it securely.

The problem is so much the programming languages as it is the way
they are used.

Well, programming languages can go a long way to helping solve the
problem, and it can be reasonably grey as to where to use what. Should
I use php or ror? or python? or c#? I'd say there is a very
appropriate and open space for nice secure languages to live and
develop.

I think that's what I was trying to say. The last sentence of my note 
has an error. I meant to write The problem is not so much the 
programming languages as it is the way they are used.

Sorry for the bad proof reading.

Also, in the IEEE Software July/August 2006 issue in the Tools of 
the Trade department, Diomidis Spinellis discusses several factors 
to consider when selecting a programming language for a particular 
project. Those plus security make for some reasonable criteria to use.

Craig
-- 
Internet: [EMAIL PROTECTED]
If a program has not been specified, it cannot be incorrect; it can 
only be surprising. (Young, Boebert, and Kain)
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php