On Mon, Jul 8, 2013 at 7:31 PM, Reed Black <[email protected]> wrote:
> If it's all old review for you, I hope you will share even more
> specific suggestions for others.
Not sure what you mean by “old review”, but I didn't say that it is obvious. I wrote that it is mostly irrelevant here. Writing secure software is relatively easy, and does not rely much on abstraction layers or whatever OOP ideology is popular at the moment. You just document each function's input/output, test it somehow, and check input/output requirements when calling any other function. The simpler, the better; it's not difficult.

E.g., the Tor project does not have a nice design, it is a terrible hodgepodge of C functions, implemented with inefficient algorithms (or, they really like iterating over lists). But it is written by people who know what they are doing, and it shows. Consider their relatively recent job posting [1] — their first two requirements are:

+ Have extensive experience in C, and several other programming languages. At least 5 years experience with C is probably necessary for the level of expertise we want; most people would need more.
+ Have a solid understanding of issues surrounding secure C programming.

Peer review is a nice theoretic concept, but as this thread shows, it does not work unless you have solid understanding of what you should be doing first and foremost. Also, the ratio of people actually doing some form of peer review to people writing profusely about it is negligible.

[1] https://www.torproject.org/about/jobs-coredev.html

--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
