Companies resist nuclear cyber security rule
Kevin Poulsen, SecurityFocus 2005-03-04

Two companies that make digital systems for nuclear power plants have come out against a government proposal that would attach cyber security standards to plant safety systems.

Companies resist nuclear cyber security rule 2005-03-06
Todd Knarr
The guy from Dominion who says it's impractical to protect software from its developers is blowing smoke. It's true, you can't do anything if your entire development team is in on a conspiracy to plant holes in your software, but that's not often going to be the case. If you can make the assumption that corruption is limited to a small fraction of your dev team, then an easy way to protect against deliberate introduction of bad code by developers is independent review. That is, no code gets committed to the production branch for release until after it's been reviewed by one or more developers who weren't involved in its development. This should be a part of normal software development anyway, because it not only detects malicious code introduction but things like bad programming practices (non-length-checked buffers, out-of-scope local variables, etc.) and lack of documentation/comments.


Link to this comment: http://www.securityfocus.com/comments/articles/10618/30817#30817







 

Copyright 2009, SecurityFocus