On Thu, Dec 28, 2000 at 08:46:23PM -0700, John Galt wrote:
[ all developers should audit their code ]
> >
> > Sounds lovely, in theory. However, judging by the number of open bugs
> > in some packages, out of date packages, etc, what makes you think
> > developers would take this more seriously? What proof does one have
>
> Actually let me chime in at this point and say that personally I'd
> probably prefer non-developers auditing. If you adopt code as an auditor,
> you lose the objectivity to be able to junk bad code relatively
> quickly... Auditors should have as little to do with a piece of code
> they're auditing as possible: preferably not even use it. This way they
> don't fall "in love" with the code and do what's necessary for security...
This is the way to go. For this to actually work someone will
probably have to form a "team" of decent auditors to start digging and
file bugs as they find them ... I know I'm not qualified :)
--
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Inc. | than a perfect plan tomorrow.
mailto:[EMAIL PROTECTED] | -- Patton