On 02/14/2016 06:12 PM, David C. Rankin wrote:
> On 02/14/2016 04:26 PM, Anton Aylward wrote:
>> I do wonder, however, just how much mistakes like this are taught in CS courses? I've noted many times that the #1 and #1 vulnerabilities in the SANS Top 20 list, SQL Injection and Buffer Overflow, have been around for more than 20 years. Buffer Overflow, if you recall, was the root cause of the Morris Worm of 1988 which took down an appreciable part of the Internet-as-it-then-was. My point here is that when I interview new intakes of programmers or even talk with ones who've been working for my client for some years, even the ones that are aware of these tell me their schools & college courses never mentioned them.
>
> What bothers me more are the number of questions you find, say on programming sites like StackOverflow.com, of people actively trying to learn how to do stack smashing and buffer overflow exploits -- supposedly for "educational purposes"... Kinda makes you wonder what we are training the next generation to do....

Indeed. And the wannabes who post to the security groups on LinkedIn who have the same attitude and want to know how they can "Break in" to the security business by showing their prowess in this manner. Yes, I've seen them use that phrase - "break in to" - without realising the irony of their Freudian slip. That, too, makes me wonder.

-- 
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?