[Chugalug] OT bugs and code quality

AverageSecurityGuy stephen at averagesecurityguy.info
Fri Mar 14 13:26:00 UTC 2014


A lot of the “we should have caught this” bugs can be eliminated by using good frameworks. Build your own if you have to. SQLi and XSS are solved problems with the right library and a militant enforcement of using the library EVERY TIME. Buffer overflows are also a solved problem if using the correct methods in the language of your choice. 

Are there particular bugs you are worried about?

--
Stephen Haywood
Owner, ASG Consulting
CISSP, OSCP
423.305.3700
asgconsulting.co



On Mar 14, 2014, at 9:17 AM, Christopher Rimondi <chris.rimondi at gmail.com> wrote:

> For those of you who are on or lead teams of developers or engineers, what do you do to keep everyone focused on reducing bugs and thinking through the impact of changes? I get that there is a lot that can be done with unit and integration testing and formal QA. However, what I am asking centers more on keeping quality front and center in the team's mindset.
> 
> There is probably no easy answer to this, but how do you separate bugs that are caused by "moving fast/meeting deadlines" versus ones we probably should have caught?
> 
> -- 
> Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
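To illustrate the point made in the reply above about SQLi and XSS being solved by using the right library every time, here is a small added example (not code from either poster, and not tied to any real project). It builds a constructed in-memory SQLite table, then shows a query built by string concatenation beside the parameterized form, and an output helper that HTML-escapes untrusted text; the `lookup_concat` function is deliberately the weak form so the difference is visible on the same input.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo (not real user records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn: sqlite3.Connection, name: str) -> list[str]:
    """The 'moving fast' version: untrusted input is spliced into the SQL text.

    Kept here only to show what the parameterized version prevents; the
    database engine parses whatever the caller supplied as part of the query.
    """
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn: sqlite3.Connection, name: str) -> list[str]:
    """The library-enforced version: placeholder plus a parameter tuple.

    The driver sends the value separately from the statement, so the input is
    never interpreted as SQL no matter what characters it contains.
    """
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def render_greeting(name: str) -> str:
    """XSS side of the same rule: escape at output time, every time.

    html.escape with quote=True handles <, >, &, " and ', so the value can be
    placed in element text or a quoted attribute without becoming markup.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"
    print("concat  :", lookup_concat(db, hostile))  # every row leaks
    print("param   :", lookup_param(db, hostile))   # no row matches the literal string
    print("escaped :", render_greeting("<script>"))
```

The practical enforcement the reply describes is a team rule that nothing reaches `execute()` except a constant statement string plus a parameter tuple, and nothing reaches the page except output that passed through the escaping helper; a grep or lint rule for string concatenation or f-strings next to `execute(` is a cheap way to make that rule "militant".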
