On Mon, 2021-07-26 at 16:33 +0000, g4sra via Dng wrote:
> On Monday, July 26th, 2021 at 4:48 PM, Steve Litt <sl...@troubleshooters.com> wrote:
> > Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
> >
> > > My feeling is, that you can not simply teach someone how to write
> > > safe software.
> > Why not? You can teach a person to do anything else. But maybe not in
> > college, because college is built to make money, not to teach. Consider
> > the average textbook and compare to the average "For Dummies" book. The
> > former makes the subject matter look incredibly complex, justifying the
> > professor. The latter makes it easy to learn.
> > What is needed is a curated document explaining the five or ten or
> > twenty things you need to do to be secure, and then how to achieve them
> > in a practical world.
> Software is far too complex to be audited by following a fixed set of
> generic rules,
> otherwise someone would have already written software that can do
> exactly that.
> We have some tools, but they are incomplete and fallible.
>
> The personality of the individual is key, which is why not anyone can
> learn to program safely.
> I witnessed an individual sail through and get top marks at college,
> they had an eidetic mind.
> They could recall any fact they had been told\read instantly and
> accurately.
> But they had no creativity and could be easily tripped up with the
> simplest of problems if they had not seen it before.
>
> > Let's start with input field cleansing and
> > protection from errant pointers and buffer overflow. There are many
> > more:
> Yeah, that's what they taught me at college :).
>
> > It takes some effort to learn, but I doubt it's rocket science
> Which is why they call it Computer Science, it's harder.
> Rocket Science has a formula for everything, even the top AI experts
> cannot formulate the intricacies of a Neural Net program.
>
> > and one certainly doesn't need to come from a family who can fund
> > college plus living expenses for 4 years, or 7, or whatever.
> Agreed, we must have all at least heard of Kevin Mitnick,

There you go with assumptions, something you should never do. I have
absolutely no idea who Kevin Mitnick is, I had never heard that name
until you posted it.

Rowland

> who as a teenager learnt from his dad, a security expert.
> How executing software processes what you enter into it is as much a
> security concern as the source code.
>
> > SteveT
>
> _______________________________________________
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng