Chapter 2. Design Review
“Sure. Each one of us is wearing an unlicensed nuclear accelerator on our back. No problem.”
Bill Murray as Dr. Peter Venkman, Ghostbusters (1984)
Introduction
Computer security people tend to fall into one of two camps on design review. People from a formal development background are usually receptive to the design review process. This is only natural, as it maps closely to most formal software development methodologies. The design review process can also seem to be less trouble than reviewing a large application code base manually.
In the other camp are code auditors who delight in finding the most obscure and complex vulnerabilities. This crowd tends to look at design review as an ivory-tower construct that just gets ...
Get The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.