-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of Blue Boar
Sent: 01 July 2004 21:03
To: ljknews
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] ACM Queue article and security education
ljknews wrote:
I think it will be properly considered when
-Original Message-
From: Blue Boar [mailto:[EMAIL PROTECTED]
Sent: 01 July 2004 17:11
To: Peter Amey
Cc: [EMAIL PROTECTED]
Subject: Re: [SC-L] ACM Queue article and security education
Peter Amey wrote:
There are languages which are more suitable for the construction
At 1:02 PM -0700 7/1/04, Blue Boar wrote:
ljknews wrote:
I think it will be properly considered when the most strict portion
of the software world is using language X. I have used many
programs where the flaws in the program make it clear that I care not
one whit about whether the authors of
Peter Amey wrote:
I'm not entirely sure I follow this. I _think_ you are saying:
since we can't be sure that X is perfect (because it might have 5
remaining flaws) then there is no point in adopting it. You seem to
be saying that it doesn't matter if X is _demonstrably_much_better_
than Y, if it
At 9:10 AM -0700 7/1/04, Blue Boar wrote:
Language X may very well be a much better starting point, I don't know. I do believe
that it will never be properly looked at until the whole world starts using it for
everything, though.
I think it will be properly considered when the most strict
ljknews wrote:
I think it will be properly considered when the most strict portion
of the software world is using language X. I have used many
programs where the flaws in the program make it clear that I care not
one whit about whether the authors of that program have opinion about
anything I
At 8:10 PM -0400 6/29/04, James Walden wrote:
While there are non-university classes and workshops that teach software security, I
doubt that a majority of developers have attended even one such class. Software
security has to be integrated into the CS curriculum before we can expect a
Gee, Some of us have been saying that for 40 years.
James Walden wrote:
I'd like to open a discussion based on this quote from Marcus Ranum's
ACM Queue article entitled Security: The root of the problem:
Thanks. I also read Marcus's article with interest. Caveat: clearly, I
have a biased outlook, since software security training is one of the
Kenneth R. van Wyk wrote:
Overall, I like and agree with much of what Marcus said in the article.
I don't, however, believe that we can count on completely putting
security below the radar for developers. Having strong languages,
compilers, and run-time environments that actively look out for
If the state of the art in automobile design had progressed as fast as the
state of the art of secure programming - we'd all still be driving Model
T's.
Consider-
- System Development Methods have not solved the (security) problem -
though we've certainly gone through lots of them.
-
11 matches
Mail list logo