|
Secure Code Reviews: What are the ingredients?
Level:
Advanced
Track:
n/a
Starts:
Sep 29 2007 4:45 PM
Ends:
Sep 29 2007 6:15 PM
Room:
MPR-B
Speaker:
Robert Hurlbut
Security code reviews can play a critical role in improving an application’s quality. The benefits of threat modeling and architectural reviews will be reviewed as mechanisms to identify and focus on security-significant portions of the code base. The benefits of vulnerability categorization will be discussed to evaluate how this helps in identifying issues. Similarly, we will also stress the need to differentiate between flaws and bugs, and how that distinction can be used to identify and implement effective countermeasures. Finally, we will also discuss the effectiveness of automated code review tools that are currently available.
|