Subject: Re: reviewing code
From: Tom Lord <lord@regexps.com>
Date: Thu, 29 Aug 2002 13:59:46 -0700 (PDT)



       code reviews don't matter much when it comes to security exploits. How
       many pairs of eyes have looked over that source code over the years?


How much code have you personally reviewed for security concerns?

Of those other "many eyeballs", how much do you think they have
reviewed?

Personally, I (mostly) only informally review other people's code when
a bug or confusing documentation is discovered.

FSBs are horridly understaffed.

Is proprietary better?  No.

-t