Hendrik Boom said on Mon, 26 Jul 2021 17:21:24 -0400

>On Mon, Jul 26, 2021 at 11:48:53AM -0400, Steve Litt wrote:
>> Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
>>
>>
>> >My feeling is, that you can not simply teach someone how to write
>> >safe software.
>>
>> Why not? You can teach a person to do anything else. But maybe not in
>> college, because college is built to make money, not to teach.
>> Consider the average textbook and compare to the average "For
>> Dummies" book. The former makes the subject matter look incredibly
>> complex, justifying the professor. The latter makes it easy to learn.
>>
>> What is needed is a curated document explaining the five or ten or
>> twenty things you need to do to be secure, and then how to achieve
>> them in a practical world. Let's start with input field cleansing and
>> protection from errant pointers and buffer overflow. There are many
>> more:
>
>Knowing you, you probably already have a draft of such a document
>lying around.

Not that I know of. That's why I'm starting at the level of a simple
list.

SteveT

Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques