Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-22 Thread Mike Lyman
making sure examples are done correctly. The database examples that connected to an MS SQL server with userid=SA;password="" used to drive me crazy. "The sample code does it that way so I better do it that way." It makes for more complicated sample code but it may be the on

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-22 Thread Mike Lyman
njection attempt. You might not touch on this until you get to those types of applications. If they were taught to question input all along though, by the time you get to something like this the habit might be forming. -- Mike Lyman mly...@west-point.org

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-24 Thread Mike Lyman
bout 50% of the doctors out there graduated in the bottom half of their class applies to our industry as well with the added burden of plenty doing what we do with no formal training at all. There are reasons we do peer reviews, formal code reviews and testing. This is just a small piece of the puzzle th

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-26 Thread Mike Lyman
tatements or case statements etc. Once they've had those though, some basic input validation becomes a great programming assignment to test their understanding of those skills. -- Mike Lyman mly...@west-point.org ___ Secure Coding mailing

Re: [SC-L] any one a CSSLP is it worth it?

2010-04-14 Thread Mike Lyman
phase. Not sure how much it helps sell things over and above our reputation among our customers but we keep it out there. -- Mike Lyman mly...@west-point.org ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscription

Re: [SC-L] Software security definition(s)

2008-03-14 Thread Mike Lyman
is the better question. Should be but even then I won't give a concrete answer. Based on what we know today it probably will be but somewhere somebody may well be crafting that next attack that blows us out of the water. -- Mike Lyman [EMAIL PROTECTED]

Re: [SC-L] quick question - SXSW

2008-03-14 Thread Mike Lyman
not ever be allowed to look at due to delivery schedules. Security is giving them a good excuse to go learn more. -- Mike Lyman [EMAIL PROTECTED]

Re: [SC-L] Unclassified NSA document on .NET 2.0 Framework Security

2008-11-24 Thread Mike Lyman
se hosting the call and doing the writing didn't seem to grasp it. It may be a while before we see too many adopting this or requiring it for a while. -- Mike Lyman [EMAIL PROTECTED]

Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-21 Thread Mike Lyman
omputer users' idea of security was locking their car doors but it did set us up for bad habits. Basics need to be drilled in early and always count for something even if the lesson is while loops. -- Mike Lyman mly...@west-point.org