On Thu, Dec 28, 2000 at 08:46:23PM -0700, John Galt wrote:
> > [ all developers should audit their code ]
> >
> > Sounds lovely, in theory. However, judging by the number of open bugs
> > in some packages, out of date packages, etc, what makes you think
> > developers would take this more seriously? What proof does one have
>
> Actually let me chime in at this point and say that personally I'd
> probably prefer non-developers auditing. If you adopt code as an auditor,
> you lose the objectivity to be able to junk bad code relatively
> quickly... Auditors should have as little to do with a piece of code
> they're auditing as possible: preferably not even use it. This way they
> don't fall "in love" with the code and do what's necessary for security...

This is the way to go. For this to actually work someone will probably
have to form a "team" of decent auditors to start digging and file bugs
as they find them ... I know I'm not qualified :)

--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   | -- Patton