[Techtalk] Theory vs. practice

jhamilto at n2h2.com jhamilto at n2h2.com
Mon Jan 14 11:15:07 EST 2002

>Yes, but programmers aren't being taught how to avoid these coding
>errors, or what errors to avoid.

Are you serious? That makes so much more sense. As a sysadmin, It's so frustrating to see buffer overflow problems occuring over and over again, when it seems like 'buffer overflow' lecture would be the first ones taught to a programmer. I shouldn't make such assumptions, since I've never taken a programming course. (okay, pascal WAY back when, but I flunked miserably). 

Jen H.   (<-- I'll try to remember to write Jen H, since there are so many Jen's!)

-----Original Message-----
From: Jenn Vesperman [mailto:jenn at anthill.echidna.id.au]
Sent: Sunday, January 13, 2002 11:29 PM
To: jockgrrl at austin.rr.com
Cc: raven at oneeyedcrow.net; techtalk at linuxchix.org
Subject: Re: [Techtalk] Theory vs. practice

On Mon, 2002-01-14 at 18:12, Julie wrote:

> A lot of what's out there today in terms of "practice" has very
> little to do with formal security theory and more to do with really
> bad coding.  For example, most of the security problems we see are
> coding errors -- buffer overflows, parameter checking, software
> races, and the like.  

Yes, but programmers aren't being taught how to avoid these coding
errors, or what errors to avoid.

Jenn V.
    "Do you ever wonder if there's a whole section of geek culture 
        	you miss out on by being a geek?" - Dancer.

jenn at anthill.echidna.id.au     http://anthill.echidna.id.au/~jenn/

Techtalk mailing list
Techtalk at linuxchix.org

More information about the Techtalk mailing list