Re: [SC-L] Compilers

2006-12-21 Thread Gary McGraw
Integration of some of the static techniques found in tools like fortify into compilers does make sense. However, not all of the kinds of things should be put in the compiler (how many coders do you know that use the -Wall??!). So one use case for some of the knowledge would be compiler

Re: [SC-L] Compilers

2006-12-21 Thread Gunnar Peterson
Sure it should be built into the language, and I assume it will be eventually. Heck it only took 30 or 40 years for people to force developers to use Try...Catch blocks. -gp On 12/21/06 9:30 AM, McGovern, James F (HTSC, IT) [EMAIL PROTECTED] wrote: I have been noodling the problem space of

Re: [SC-L] Compilers

2006-12-21 Thread David A. Wheeler
McGovern, James F \(HTSC, IT\) I have been noodling the problem space of secure coding after attending a wonderful class taught by Ken Van Wyk. I have been casually checking out Fortify, Ounce Labs, etc and have a thought that this stuff should really be part of the compiler and not a

[SC-L] secure application development course

2006-12-21 Thread Johan Peeters
Katholieke Universiteit Leuven organizes an intensive course on secure application development for experienced software practitioners, in partnership with Solvay Business School and L-Sec (Leuven Security Excellence Consortium), from February 26th to March 2nd 2007. The course is aimed at