Secure Programming
Inspecting Code for Security Sep 20 2004 07:55PM
caleb dods bell ca (5 replies)
RE: Inspecting Code for Security Sep 23 2004 03:42AM
Yvan Boily (yboily seccuris com) (1 replies)
RE: Inspecting Code for Security Sep 23 2004 04:38PM
Aleksander P. Czarnowski (alekc avet com pl) (1 replies)
RE: Inspecting Code for Security Sep 23 2004 06:13PM
Yvan Boily (yboily seccuris com)
RE: Inspecting Code for Security Sep 21 2004 06:57PM
Aleksander P. Czarnowski (alekc avet com pl) (1 replies)
Re: Inspecting Code for Security Sep 22 2004 03:09PM
Valdis Kletnieks vt edu (1 replies)
On Tue, 21 Sep 2004 20:57:51 +0200, "Aleksander P. Czarnowski" said:

> I would say that the final list of objectives should be business driven,

The truly hard part is that usually the very top item of the list is proclaimed
by somebody very high up the totem pole, and is a variant on:

"We must ship/deploy/whatever by next Thursday or we're screwed..."

Admittedly, it's somewhat off-topic for a "code inspection", but it's really
somewhat pointless to do the inspection if you don't have at least a foggy
idea of what you intend to do if you find a really bad gaping hole.

First Law of Systems Programming: "Never test for error conditions that
you don't know how to handle..." :)

RE: Inspecting Code for Security Sep 22 2004 06:45PM
Aleksander P. Czarnowski (alekc avet com pl)
RE: Inspecting Code for Security Sep 21 2004 04:39PM
Yvan Boily (yboily seccuris com)
Re: Inspecting Code for Security Sep 21 2004 10:22AM
Juergen Brauckmann (jbrauckmann betrusted com)
Re: Inspecting Code for Security Sep 21 2004 01:24AM
George V. Neville-Neil (gnn neville-neil com)


 

Copyright 2010, SecurityFocus