Sunday, March 25, 2007
Cohen on Howard: Introduction
Fred Cohen is a well-respected computer science researcher and professor in the security field. Michael Howard and David LeBlanc are well-respected software engineers in the security field.
They wrote Writing Secure Code, a book on computer programming security.
Cohen wrote a review of the book.
The review is posted on the IEEE Computer Society's Technical Committee on Security and Privacy website. That's a mouthful -- but it's also one of the most respected institutions in software engineering.
The review is 5,400 words long. It analyzes the book chapter by chapter and finishes with a suggestion for what the book ought to have been called:
"How poor quality programmers at Microsoft have produced hundreds of instances of the same 10 big mistakes in their code, and how they can do their jobs a little bit better".
The software engineering profession is often criticized for a perceived lack of rigor and professionalism. Read the review. Analyze it in context: one researcher criticizing other researchers' work, published in an electronic journal read by their peers. Doesn't say much for software engineering, does it?
This is the first of a series of blog posts. I am going to go through Cohen's review, chapter by chapter, and give the point of view of a 4th-year software engineering student who has interned at Microsoft on:
- a Trustworthy Computing team, working on the same team as David LeBlanc
- the Microsoft CardSpace team, working on Microsoft's digital identity and privacy software
I actually received a free copy of the book when I joined Microsoft. It is also a required text for one of my school courses. When you read my commentary, remember my biases, and also remember my youth -- I am criticizing a man who has been in the field for 30 years. If I can find so many questionable points in his review, what does that say about our field?