[WEB SECURITY] code review techniques for when you don't trust your developers or testers

Steven M. Christey coley at linus.mitre.org
Fri Aug 14 12:07:38 EDT 2009


On Fri, 14 Aug 2009, Eugene Kuznetsov wrote:

> Separately, I think the question of insider threat is interesting
> theoretically. I don't agree that the obvious need for more "security
> hygiene 101" should prevent its study, discussion or attempted
> reduction.

I don't think we should be ignoring it either, but it's generally a luxury
that only developers with solid security practices may be prepared to
address in any substantive way... although some of the suggested process
changes might be useful for developers at any level of maturity.

- Steve
