[cs615asa] HW3 grades

Jan Schaumann jschauma at stevens.edu
Tue Mar 7 22:33:03 EST 2017 

Hello,

I've just sent out grades for HW3.  If you didn't receive an email, then
I didn't receive a homework submission from you.

As noted in class, I'd have liked a bit more details from many of you.

The questions I ask in these homework assignments always have two
objectives.  On the one hand, I actually do want to get an answer to the
question.  On the other, I want you to understand why I'm asking the
questions.

So you should (a) actually answer the question.  Describing how one
_could_ answer the question is not sufficient.  Do actually provide an
answer.  Do not claim that in the "real world" one would or could do X
or Y, but since somehow this isn't the "real world", you didn't.

You should (b) reflect on the question and think about why I'm asking
it.  What could you learn by looking for the answer?  In so doing, you
may find that elaborating on your answer might be useful.

Back up your answers with reasoning.

The more detail you show, and the more I see that you actually out some
thought into answering the questions, the easier it is for me to gives
you a good grade.


The question regarding the possibility of a backdoor seems to have
tripped most of you.  A handwaving reply referencing various key words
related to the google terms "backdoor" and "vulnerability" is not what I
was looking for.

Similarly, simply stating "welp, no can do" is not sufficient, either.

Instead, you should consider how you would establish a high degree of
trust into the software.  How was the software retrieved (either by
yourself or by the package manager)?  How do you know you connected to
the right site?  How do you know the software was not manipulated in
transit?  If you mentioned signatures or checksums, think about what
they assert, and how you retrieved those.

These are important things for you to be aware of, so if you are not
familiar with asking these questions, please begin your research here.
We will continue to brush upon these topics, but we cannot cover all of
them in sufficient detail, so I'm looking for some independent learning
on your part.

In your next assignment, remember to show your work. :-)

-Jan

More information about the cs615asa mailing list