Gary McGraw: > I'm sorry, but it is just not possible to find design flaws by > staring at code.
My experience is otherwise. Without detailed documentation I can usually see where in the life cycle the mistake was made: analysis (e.g., solving the wrong problem), design (e.g., using an inappropriate solution) or coding. Wietse _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php