Code Review Guidelines (draft)

Mark O. Aldrich maldrich at grci.com
Tue Aug 27 15:51:55 PDT 1996


On Tue, 27 Aug 1996, Igor Chudov @ home wrote:

> Adam Shostack wrote:
> > 
> > A few weeks back, I posted a request for source code review
> > guidelines.  I got about 50 me-toos, but no guidelines.  So I wrote
> > some I think are decent.  They're still in draft format.  I'd
> > appreciate feedback & commentary on them.
> > 
> > http://www.homeport.org/~adam/review.html
> > 

Sorry.  I missed your first post.

The Security Engineering CMM effort has also been looking at methods that
are used to create assurances in trusted systems/components/products.  One
of these is, of course, code examination and quality reviews.  You may
want to check out what they've done.  There are not necessarily "steps" to
be followed, but rather how the PA (process area) relates to the ability
of an organization to perform security engineering (i.e., its maturity).
I haven't been in the PA's for a while, but there *may* be something there
that you can use.

GRCI sits on both the authoring group and the steering committee for the
SSE CMM.  If you need more info, let me know and I'll hook you up with
someone.  The group is always looking for someone to test the
implementation of the security engineering CMM products through pilot
testing.

Point your browser at http://www.ssecmm.ashton.csc.com/
and then rummage.  There's stuff buried all over the server, but you
probably will be most interested in the peer review, security
vulnerability analysis, and quality management portions.  As I recall (I
can't get to the site right now), a lot of stuff is in RTF and not HTML,
so you may have to DL it instead of looking at it online.

------------------------------------------------------------------------- 
|And if Dole wins and dies in office, they|        Mark Aldrich         |
|could just pickle him and no one would   |   GRCI INFOSEC Engineering  |
|notice.  It wouldn't be the first time we|     maldrich at grci.com       |
|had a dill-dole running the country.     | MAldrich at dockmaster.ncsc.mil|
|               -- Alan Olsen             |                             |
|_______________________________________________________________________|
|The author is PGP Empowered.  Public key at:  finger maldrich at grci.com |
|    The opinions expressed herein are strictly those of the author     |
|         and my employer gets no credit for them whatsoever.           |
-------------------------------------------------------------------------