Thou shalt have no other gods before the ANSI C standard 1387

Why did you choose the term "36-bit la-la land"? You start right off by insulting everyone with a reasonably long experience in the field.

I have not found that to be true. In fact, in the real world, I have found that someone who is CAPABLE of thinking at the C and buttembler and hardware level will have a much better understanding of buffer overflow, the consequences of same, and how one might avoid both the overflow and the consequences.

Nobody has suggested that. What HAS been suggested is that any course that talks about security holes should at the very least mention the fact that the world is not UNIX, that not all machines are byte addressable, that not all languages are C, that bytes are not all 8 bits and that the most important buffer overruns do not occur in

So why did those overflows occur? Because programmers were not taught the things they should have been taught. And that is the point many of us continue to make. There is something missing in the current curicula. I (and others) have suggested that what is missing is the broader knowledge of different hardware and software systems, the different issues that arise because of these archictectural differences, and that when one arrives in the real world things will not be as they expect.

So no matter how well you teach, or how many bugs your students find, if you teach a narrow focus and demean anything not within that focus, you are in fact one cause of the problem.

--

... Hank