RE: [gnome-love] Code Auditing as Love

["Tom Musgrove" <TomM pentstar com>]

>This sort of a document would be a great starting place.  I guess the
>first thing that must be done is research on the web as to whether such a
>document already exists.  Anybody can do this - you don't need experience
>with code auditing.  Once we know what is out there, we can decide whether
>to use the existing documentation or to adapt and improve on it for GNOME.

>I think this is a fine place for somebody who is looking for a task to
>contribute.

>BTW: This would not only be helpful for people auditing code, but would be
>valuable to hackers who want to avoid the most common pitfalls in their
>code.

>Dan

I've already found some results

the best search term is 'code inspection'


here is a code inspection checklist for C++

http://www.infosec.jmu.edu/courses/CS555infosec99/Deliverables/CppChk.htm

very complete

here is another code inspection overview

http://www.cs.hmc.edu/courses/2001/spring/cs121/htmlcode.old/

and another

http://www.cs.rose-hulman.edu/~ardis/Courses/CS490VandV/CS490checklist.html

and another

http://www2.ics.hawaii.edu/~johnson/FTR/Bib/Baldwin92.html

and another

http://www.iam.unibe.ch/~scg/Resources/PSE/PSE99/WWW/codeInspections/codeIns
pectionProcess.html


with a checklist

http://www.iam.unibe.ch/~scg/Resources/PSE/PSE99/WWW/codeInspections/maintai
nabilityChecklist.html


here is another

http://www.homeport.org/~adam/review.html

and here is a interesting study on defect detection

http://www.bell-labs.com/user/hpsiy/research/thesis/main.html




I'll let you know if I find any others that are worthwhile,

Tom M.
TomM Pentstar com






_______________________________________________
gnome-love mailing list
gnome-love gnome org
http://mail.gnome.org/mailman/listinfo/gnome-love