A Process for Performing Security Code Reviews


I wrote an article about performing security code reviews that appears in the July/August 2006 edition of IEEE Security & Privacy. Oh, and by the way, there’s a little typo in the article; my name is Michael Howard, not Michael A. Howard. Unlike almost everyone on the planet, I don’t have a middle name.

Comments (12)

  1. PatriotB says:

    Well, I wouldn’t say "planet"… U.S. maybe.  I’m sure there are some countries/cultures where middle names are less common…

  2. So in this month’s IEEE Security and Privacy magazine Michael Howard wrote an interesting article on "A Process for Performing Security Code Reviews". It’s worth the read. His insights on how to prioritize what code to review first are something

  3. Bluejay says:

    Nah, a lot of people in the world don’t have a middle name, just those who pretend they come from classy Great Britain origin 😛 (of course, it’s a joke with no intention of offending anyone).

  4. Alun Jones says:

    Tell them you’re not "Michael A Howard", you’re "Michael THE Howard".

  5. Occasionally, I am called upon to do a security code review. I enjoy the process and I recommend it to

  6. naresh.hasanabada says:

    This is what I am looking for..

    Thanks Michael.

  8. When it comes to architecting server class application, following becomes very fundamental building blocks