Issue No.04 - July/August (2006 vol.4)
Michael Howard , Microsoft
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.84
No one really likes reviewing source code for security vulnerabilities, but it's a critical component of shipping secure software. Howard describes his approach to tackling the process. It won't identify all security vulnerabilities in your code, but it's effective for scanning large amounts of code quickly for common issues and reviewing risky code in greater depth.
code review, security vulnerabilities, secure code
Michael Howard, "A Process for Performing Security Code Reviews", IEEE Security & Privacy, vol.4, no. 4, pp. 74-79, July/August 2006, doi:10.1109/MSP.2006.84