[SC-L] The seven sins of programmers | Free Software Magazine

2007-02-23 Thread Kenneth Van Wyk

SC-L,

So my trusty rss aggregator (NewsFire) found an interesting blog for  
me this morning, and I thought I'd share it here.  The blog is from  
Free Software Magazine and it's titled, The seven sins of  
programmers.  On the surface, it has nothing whatsoever to do with  
software security -- the word security is never even mentioned in  
passing -- but I believe there are some worthy security lessons to be  
gleaned from it.


http://www.freesoftwaremagazine.com/blog/seven_sins

Cheers,

Ken
-
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com






___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] The seven sins of programmers | Free Software Magazine

2007-02-23 Thread Gunnar Peterson
Along these same lines, I submit "the Four Coders of the Apocalypse" by Dave
Thomas and Andy Hunt. One of the major areas we need to work is adoption.
Programmers are not all created equal; this presentation shows four types of
programmers, and describes what drives them and ideas on dealing with the
different types. Excellent bit of software development archaeology, if you
need tips on communicating software security designs, rationale, etc. I
would argue that through the work of Gary McGraw, Ken van Wyk, Michael
Howard, OWASP, Build Security portal, and many other resources that we are
awash in good ideas/tools/templates. What we really need is adoption.
Adoption is predicated on understanding the programmer's mindsets.

The Four Coders of the Apocalypse are

The Lifer (someone else will take care of things, knows everything about one
topic, all solutions involve that topic, "it can't be done")

The White Rabbit (no time to do it right, "I can't talk now")

The Racehorse (run forward wearing blinkers, never change existing code)

The Beautiful Dreamer (programming as an end in itself)

http://www.pragmaticprogrammer.com/talks/4coders/4coders.htm

-gp


On 2/23/07 7:02 AM, Kenneth Van Wyk [EMAIL PROTECTED] wrote:

 SC-L,
 
 So my trusty rss aggregator (NewsFire) found an interesting blog for me this
 morning, and I thought I'd share it here.  The blog is from Free Software
 Magazine and it's titled, The seven sins of programmers.  On the surface, it
 has nothing whatsoever to do with software security -- the word security is
 never even mentioned in passing -- but I believe there are some worthy
 security lessons to be gleaned from it.
 
 http://www.freesoftwaremagazine.com/blog/seven_sins
 
 Cheers,
 
 Ken
  
 -
 Kenneth R. van Wyk
 SC-L Moderator
 KRvW Associates, LLC
 http://www.KRvW.com
 
 
 
  
 
 
 

