Auditing Code

I have mentioned auditing earlier in this chapter. An audit is an actual human trace through the code, looking for problems. Usually audits are done for security, but this doesn't always have to be the case.

Auditing can be a part of the testing process, but I recommend that you consider a security audit to be a completely separate portion of your development cycle.

Someone other than the original author should probably perform a security audit. In large development houses, there can be a separate group that serves this specific purpose.

The Audit Process

Security code auditing, like the audits done by the IRS, should be very involved and should attempt to cover all of the material. An audit process can help an auditor systematically ...
