Chapter 4. Code Review with a Tool^[1]

Code Review with a ToolTouchpointslist ofcode reviewParts of this chapter appeared in original form in IEEE Security & Privacy magazine coauthored with Brian Chess [Chess and McGraw 2004].

	Debugging is at least twice as hard as programming. If your code is as clever as you can possibly make it, then by definition you’re not smart enough to debug it.
	--BRIAN KERNIGHAN

All software projects are guaranteed to have one artifact in common—source code. Because of this basic guarantee, it makes sense to center a software assurance activity around code itself. Plus, a large number of security problems are caused by simple bugs that can be spotted in code (e.g., a buffer overflow vulnerability is the common result of misusing various string functions including strcpy() in C). In terms of bugs and flaws, ...

Get Software Security: Building Security In now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Software Security: Building Security In by Gary McGraw

Chapter 4. Code Review with a Tool^[1]

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly

Chapter 4. Code Review with a Tool[1]

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly

Chapter 4. Code Review with a Tool^[1]