RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread Peter Amey
-Original Message- From: Crispin Cowan [mailto:[EMAIL PROTECTED] Sent: 09 July 2004 04:27 To: Peter Amey Cc: ljknews; [EMAIL PROTECTED] Subject: Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content) Peter Amey wrote: What is wrong with this

Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread Crispin Cowan
Peter Amey wrote: What is wrong with this picture ? I see both of you willing to mandate the teaching of C and yet not mandate the teaching of any of Ada, Pascal, PL/I etc. Makes sense to me. what is the point of teaching dead languages like Ada, Pascal, and PL/I? Teach C, Assembler, and

Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread Crispin Cowan
Peter Amey wrote: Firstly a tactical one: Ada is by no means a dead language. There is a great tendency in our industry to regard whatever is in first place at any particular point in life's race to be the winner and everything else to be dead. Ada was pushed hard enough by the DoD for a decade

[SC-L] Secure Coding Wikipedia

2004-07-09 Thread Fabien
Hello, I'm currently trying to make an article on Secure Coding for the french section on Wikip├ędia. So if you speak french you can go to : http://fr.wikipedia.org/wiki/Programmation_s%C3%A9curis%C3%A9e And if you don't speak french, you can also help me by sending your ideas here. I will try

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread David Crocker
Crispin Cowan wrote: In programming language terms, Ada is grossly primitive. Its object orientation mechanisms are crude at best. A *great* deal of progress in language technology has been made since Ada was developed. For just about any kind of concept or safety feature, students and

[SC-L] Programming languages used for security

2004-07-09 Thread Wall, Kevin
I think the discussion regarding the thread Re: [SC-L] Education and security -- another perspective (was ACMQueue - Content) is in part becoming a debate of language X vs language Y. Instead, I'd like to take this thread off into another direction (if Ken thinks it's appropriate to

Re: [SC-L] Programming languages used for security

2004-07-09 Thread ljknews
At 8:49 AM -0500 7/9/04, Wall, Kevin wrote: If a GENERAL PURPOSE programming language were designed by scratch by someone who was both a security expert and programming language expert, what would this language (and it's environment) look like? More specifically, + What set

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread Wall, Kevin
David Crocker wrote... There is a tendency to regard every programming problem as an O-O problem. Sometime last year I read a thread on some programming newsgroup in which contributors argued about the correct way to write a truly O-O Hello world program. All the solutions provided were

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread ljknews
At 2:26 PM +0100 7/9/04, David Crocker wrote: And much as I dislike Ada, I have to admit that if you don't intend to use dynamic binding and don't need the low-level features of C,... Which are those low-level features not available with Ada ? The C compilers I have used claim to be

Re: [SC-L] Programming languages used for security

2004-07-09 Thread Fabien
Hello, I'm not a secure coding expert, so my point of view is more from a developper view. + What functionality should the accompanying libraries support (e.g., encryption, access control, etc.)? In my opinion, it's the most important things for a languages, something to easily

Re: [SC-L] Programming languages used for security

2004-07-09 Thread Crispin Cowan
ljknews wrote: Such typing should include specification by the programmer of the range of values allowed in variables: -32767 to +32767, 0 to 100, 1 to 100, Characters a-z only, characters A-Z only, -10.863 to +4.368, etc. The language should also support exact specification of arithmetic

RE: [SC-L] Programming languages used for security

2004-07-09 Thread David Crocker
I think there are two other questions that should be asked before trying to answer this: 1. Is it appropriate to look for a single general purpose programming language? Consider the following application areas: a) Application packages b) Operating systems, device drivers, network protocol stacks

Re: [SC-L] Programming languages used for security

2004-07-09 Thread Crispin Cowan
David Crocker wrote: 1. Is it appropriate to look for a single general purpose programming language? Consider the following application areas: a) Application packages b) Operating systems, device drivers, network protocol stacks etc. c) Real-time embedded software The features you need for these