On Thu, Jan 7, 2010 at 7:11 AM, Jeremy Epstein <jeremy.j.epst...@gmail.com> wrote:
> Greetings,
>
> So as I was listening, I was thinking that many of the same things
> could be said about software developers and problems with software
> security - every piece of software is unique, any non-trivial piece of
> software is amazingly complex, developers tend to consider themselves
> as artists creating unique works, etc.
>
> Has anyone looked into the parallelisms before? If so, I'd be
> interested in chatting (probably offlist) about your thoughts.
I've had exceptionally good luck/results from checklists during the development process, though nothing I could scientifically quantify. That said, I wonder whether any of the academics on the list would be willing to actually do a study. Do some actual trials on defect rates in things like student assignments when they have some students go through a checklist to examine their code, and others not. Might be interesting to see exactly what types of checklist items really result in a reduction in bugs...

--
Andy Steingruebl
stein...@gmail.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________