[WEB SECURITY] code review techniques for when you don't trust your developers or testers

travis+ml-webappsec at subspacefield.org
Thu Aug 13 18:08:41 EDT 2009


On Thu, Aug 13, 2009 at 04:17:28PM -0400, Eugene Kuznetsov wrote:
> similar to the problem of insider threat in espionage -- if you have a
> trusted employee who has gone over to the other side, and they have
> years in which to plan and do their damage covertly, you're probably
> better off with weekly polygraph tests than software testing tools. 

I realize this wasn't your main point - possibly going OT here - but you
might find this article interesting:

http://fas.org/sgp/othergov/polygraph/ames.html

More varied opinions here:
http://fas.org/sgp/othergov/polygraph/index.html
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john at subspacefield.org to get blacklisted.