Sergey Bratus on Learning from Hackers

I just saw Sergey Bratus’s talk at TROOPERS 10. He’s an interesting guy, and his talk was good. He’s a CS professor at Dartmouth, and he’s actually making an effort, on behalf of the academic community, to inject some genuine security clue into the education of CS students. He obviously has a tough topic to address, but he looks like he’s on the right track to me.

One thing he pointed out is that a lot of vulnerabilities over the years have actually resulted from the accidental creation of Turing-complete systems. (He has a nice Cthulu slide making the point.)

It struck me that one goal of “secure programming” would be the avoidance of the creation of Turing-complete systems. It’s a crazy world when it’s harder to avoid the creation of such a system than it is to actually create one.

Anyway, Marsh and I are speaking in a couple of hours. If you’re here, come by and bring your rotten tomatoes!