Secure Coding mailing list archives

re-writing college books - erm.. ahm...


From: crispin at novell.com (Crispin Cowan)
Date: Sat, 28 Oct 2006 01:07:23 -0700

Gadi Evron wrote:
> So, "dump C", "Use SML", "What secure coding classes are you doing?" and
> "we are already doing it!!" are the responses I got when I started this
> thread.
  
What did you expect from whining about the generally poor quality of
software? :)

> Can someone mention again why re-writing the main often-used and probably
> less than 3 mostly-used basic programming books is a bad idea?
  
Uh ... 'cause I question the assertion that there are 3 mostly-used
basic programming books. I suspect it is more like 78 mostly used books.
More importantly, if there are 3 mostly used books, then there are 78
more behind them vying for those 3 slots, and they all have the same
problems. If you write a new book, then you just join the pool of 78,
and you have the impact of a drop in the bucket.

Worse, we are talking about correctness here. Correctness is hard, and
correctness on a large scale is harder. I doubt that even a concerted
effort at a "correct" book on intro to programming would manage to
actually be correct any time before the 3rd edition, 10 years from now.

Seeking perfect correctness as an approach to security is a fool's
errand. Security is designing systems that can tolerate imperfect software.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hack: adroit engineering solution to an unanticipated problem
     Hacker: one who is adroit at pounding round pegs into square holes


