Nick Coghlan writes:

> As you point out, most language development teams do very little to
> try to educate their users about security issues.

That's partly because it isn't going to be terribly effective. Security is a difficult subject, not one that's going to be usefully treated in a couple of lines here, a couple more there. And it is generally an application issue, not one that is specific to individual features.

If we're serious about this, I suggest following the RFC pattern: *every* module's documentation should have a "Security Considerations" section. Probably the content will be basically the same as the existing warning boxes, but with a consistent approach throughout the docs it could convey the importance of always thinking about security.

> The consequences of that are clearly visible in the world around
> us: when security is treated as an optional afterthought,

But (FWIW) that's what warning boxes look like to me. An afterthought. Not a systematic attempt to encourage security by teaching about secure programming. By your own words, we are nowhere close to a world where "a word, to the wise, is sufficient."