At 10:43 PM -0400 6/30/08, Mary and Glenn Everhart wrote: > There is another reason I have seen quite often: you can't readily ask > the designer of > the code what it does when he is dead, or when he has left the company > (esp. if he works for a competitor).
When I participated (as author) in formal inspection there were as many defects found (and fixed) in the comments as in the code. And most people think my comments are better than average. I have "left the company" but still have some access to see what defects they have found since. -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
