RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Blue Boar Sent: 01 July 2004 21:03 To: ljknews Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education ljknews wrote: I think it will be properly considered when

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-Original Message- From: Blue Boar [mailto:[EMAIL PROTECTED] Sent: 01 July 2004 17:11 To: Peter Amey Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education Peter Amey wrote: There are languages which are more suitable for the construction

Re: [SC-L] ACM Queue article and security education

2004-07-02 Thread ljknews
At 1:02 PM -0700 7/1/04, Blue Boar wrote: ljknews wrote: I think it will be properly considered when the most strict portion of the software world is using language X. I have used many programs where the flaws in the program make it clear that I care not one whit about whether the authors of

Re: [SC-L] ACM Queue article and security education

2004-07-02 Thread Blue Boar
Peter Amey wrote: I'm not entirely sure I follow this. I _think_ you are saying: since we can't be sure that X is perfect (because it might have 5 remaining flaws) then there is no point in adopting it. You seem to be saying that it doesn't matter if X is _demonstrably_much_better_ than Y, if it

RE: [SC-L] ACM Queue article and security education

2004-07-01 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael S Hines Sent: 30 June 2004 17:00 To: [EMAIL PROTECTED] Subject: RE: [SC-L] ACM Queue article and security education If the state of the art in automobile design had progressed as fast

RE: [SC-L] ACM Queue article and security education

2004-07-01 Thread Michael S Hines
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blue Boar Sent: Thursday, July 01, 2004 11:11 AM To: Peter Amey Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education Peter Amey wrote: There are languages which are more suitable for the construction

Re: [SC-L] ACM Queue article and security education

2004-07-01 Thread ljknews
At 9:10 AM -0700 7/1/04, Blue Boar wrote: Language X may very well be a much better starting point, I don't know. I do believe that it will never be properly looked at until the whole world starts using it for everything, though. I think it will be properly considered when the most strict

Re: [SC-L] ACM Queue article and security education

2004-07-01 Thread Blue Boar
ljknews wrote: I think it will be properly considered when the most strict portion of the software world is using language X. I have used many programs where the flaws in the program make it clear that I care not one whit about whether the authors of that program have opinion about anything I

Re: [SC-L] ACM Queue article and security education

2004-06-30 Thread ljknews
At 8:10 PM -0400 6/29/04, James Walden wrote: While there are non-university classes and workshops that teach software security, I doubt that a majority of developers have attended even one such class. Software security has to be integrated into the CS curriculum before we can expect a

Re: [SC-L] ACM Queue article and security education

2004-06-30 Thread Peter G. Neumann
Gee, Some of us have been saying that for 40 years.

Re: [SC-L] ACM Queue article and security education

2004-06-30 Thread Kenneth R. van Wyk
James Walden wrote: I'd like to open a discussion based on this quote from Marcus Ranum's ACM Queue article entitled Security: The root of the problem: Thanks. I also read Marcus's article with interest. Caveat: clearly, I have a biased outlook, since software security training is one of the

Re: [SC-L] ACM Queue article and security education

2004-06-30 Thread James Walden
Kenneth R. van Wyk wrote: Overall, I like and agree with much of what Marcus said in the article. I don't, however, believe that we can count on completely putting security below the radar for developers. Having strong languages, compilers, and run-time environments that actively look out for

RE: [SC-L] ACM Queue article and security education

2004-06-30 Thread Michael S Hines
If the state of the art in automobile design had progressed as fast as the state of the art of secure programming - we'd all still be driving Model T's. Consider- - System Development Methods have not solved the (security) problem - though we've certainly gone through lots of them. -