Issue No. 04 - July/August (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.84
Michael Howard , Microsoft
No one really likes reviewing source code for security vulnerabilities, but it's a critical component of shipping secure software. Howard describes his approach to tackling the process. It won't identify all security vulnerabilities in your code, but it's effective for scanning large amounts of code quickly for common issues and reviewing risky code in greater depth.
code review, security vulnerabilities, secure code
M. Howard, "A Process for Performing Security Code Reviews," in IEEE Security & Privacy, vol. 4, no. , pp. 74-79, 2006.