Security Code Reviews

Recently I reread an interesting article by Michael Howard, “A Process for Performing Security Code Reviews,” IEEE Security & Privacy, vol. 4, no. 4, July/August 2006, pp. 74-79. That very good article starts with:

No one really likes reviewing source code for security vulnerabilities; it’s slow, tedious, and mind-numbingly boring. Yet, code review is a critical component of shipping secure software to customers. Neglecting it isn’t an option.

Absolutely true. Read the full article here.
