I completely disagree: it is the code that counts. The developer can get run over by a bus, and we will still be running the code.

A Network World article, http://www.nwfusion.com/news/2004/0419codereview.html, discusses the various MS patches that came out last week. Ellen Messmer, the author, talks about the many companies and startups that are selling products to help with code auditing and testing to help automate the security review process.
Isn't she missing the point? It is not the source code that is the problem -- it is the developer.
Developer education is *one* path to higher code quality. Better tools is another. But better code quality is definitely the end-goal.
Crispin
--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/