A Secure Code Review Retrospective
2020
We discuss in this paper a process used at The MITRE Corporation for reviewing source code to identify security weaknesses. A key tenant of our process is that secure code review should not be done by the developers of the code, but by a separate code review team of seasoned individuals that leverage a combination of analytical methods. This paper describes MITRE’s recommended practices for secure code review and provides some lessons learned from reflecting on over 300 such engagements since 2009.
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
0
References
0
Citations
NaN
KQI