Code Reviews: Making them worthwhile

Presented at Black Hat USA 1997, Unknown date/time (Unknown duration).

The practice of reviewing code before deployment to detect problems has a long academic history.  The process is seen as too time consuming, too academic, and and no producing useful results. All three of these perceptions are wrong. 

Code reviews can be usually done quickly, if they are part of a goal oriented process.  What to look for, how to target the review on the right parts of the code, and how to use training and automated tools to speed the process will be covered.

Presenters:

• Adam Shostack
  Mr. Shostack is an independent consultant from the Boston area.  He has recently taught an intensive two day course in computer and network security at the Financial Cryptography Workshop, and published papers exposing flaws in the SecurID system.  His clients have included large networking, financial and medical companies.

Similar Presentations:

• AppSec USA 2012 / Secure Code Reviews Magic or Art? A Simplified Approach to Secure Code Reviews
• DEF CON 30 (2022) / Practical Secure Code Review (Monday) Training
• DEF CON 30 (2022) / Practical Secure Code Review (Tuesday) Training