After the latest critical and prominent software bugs [1, 2] that could have been avoided by code review, I will name some of the tools we use and write one or two sentences about each.
In my current development work I have to review commits as well as packages/modules. This led us to distinguish between commit reviews and technical reviews. We used commit reviews to find any sort of bug, but it is hard to find design problems when inspecting only a commit without knowing the rest of the code, so we introduced technical reviews that look at whole classes and packages. We do commit reviews daily and technical reviews after a feature is introduced and on request. The following tools help us with both types of review.
SonarQube is a full-featured code analysis tool, and one of its features lets you comment on your code. With this feature you can do technical reviews.
Barkeep is a review tool specialized in commit reviews. It does this and does it very well.
Pair programming is not a tool; it is a practice of extreme programming, but I find it very helpful for avoiding bugs before you commit your code.
What I have missed so far is a tool that integrates both review types well. So a group of developers (of which I am part) started a tool named gh-review that tries to combine both.
In other words, because of pesky things like the Constitution in the United States and instead of just using existing, vast international resources to prosecute criminals and terrorists, we’re going to be expanding broken ISP filters against the advice of pretty much everybody. Granted what is deemed “extremist” will likely be entirely arbitrary, and as we’ve seen with the porn filters, there’s probably no limit to the number of entirely legal and legitimate websites UK citizens will find suddenly inaccessible.
— Karl Bode on expansion of the UK’s “porn” filters
Billy Rios, director of threat intelligence at Qualys, here [Kaspersky Security Analyst Summit] today said he and colleague Terry McCorkle purchased a secondhand Rapiscan 522 B X-ray system via eBay and found several blatant security weaknesses that leave the equipment vulnerable to abuse: It runs on the outdated Windows 98 operating system, stores user credentials in plain text, and includes a feature called Threat Image Projection used to train screeners by injecting .bmp images of contraband, such as a gun or knife, into a passenger carry-on in order to test the screener’s reaction during training sessions. The weak logins could allow a bad guy to project phony images on the X-ray display.
— Kelly Jackson Higgins in Dark Reading on vulnerabilities found in carry-on baggage screening devices
While much of the NSA’s capabilities to locate someone in the real world by their network activity piggy-backs on corporate surveillance capabilities, there’s a critical difference: False positives are much more expensive. If Google or Facebook get a physical location wrong, they show someone an ad for a restaurant they’re nowhere near. If the NSA gets a physical location wrong, they call a drone strike on innocent people.
— Bruce Schneier
via Security quotes of the week [LWN.net].
It is theoretically possible to give a loaded gun to a baby; things will probably work out fine. Searching for news about such mishaps, they are quite rare. Still, they do occur, and I suspect the industry has “warning labels” regarding leaving guns lying around.
strcpy-related security holes still occur these days, but I think they have been reduced. There has been a slight improvement; software is being written with a little bit more care. Fewer developers are handing strcpy “guns” to their users.
I believe the OpenBSD “warning labels” do play a small part in improving the situation. You don’t need to reach all the grumpy programmers who believe they have godlike powers to avoid making overflow mistakes; if you reach some people, you get progress.
— Theo de Raadt
IMHO, nothing kills corner cases like polymorphism. Remove the conditions and you remove the dark corners where bugs like to hide.
— John Florian
via Distribution quote of the week [LWN.net].
Strict code formatting rules and constant code reviewing can lower the chance of such errors.
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
via "goto fail;" considered harmful [LWN.net].
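An added C illustration, not from the post and not Apple's code, of why a braces-on-every-conditional rule matters for the bug above: the unbraced control flow beside the braced one, with constructed stand-ins for the hash and signature helpers (a 32-bit polynomial hash instead of SHA-1, an equality check instead of a real signature).

```c
#include <stddef.h>
/* Constructed stand-ins for the hash and signature helpers; a real TLS
   stack hashes the handshake transcript and verifies a signature over it. */
typedef struct { unsigned int state; } hash_ctx_t;
static int hash_update(hash_ctx_t *ctx, const unsigned char *data, size_t len) {
    for (size_t i = 0; i < len; i++)
        ctx->state = ctx->state * 31u + data[i];
    return 0;                          /* 0 = success, as in the real API */
}
static int verify_signature(const hash_ctx_t *ctx, unsigned int expected) {
    return ctx->state == expected ? 0 : -1;
}
/* Hash of a legitimate transcript, used to derive the expected value. */
unsigned int transcript_value(const unsigned char *data, size_t len) {
    hash_ctx_t ctx = {0};
    hash_update(&ctx, data, len);
    return ctx.state;
}

/* Control flow of the goto fail bug: the duplicated, indented goto is
   unconditional, so verify_signature is never reached and err still holds
   the 0 returned by the successful hash_update. */
int verify_unbraced(const unsigned char *params, size_t len, unsigned int expected) {
    hash_ctx_t ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params, len)) != 0)
        goto fail;
        goto fail;                     /* duplicated line: always taken */
    if ((err = verify_signature(&ctx, expected)) != 0)
        goto fail;
fail:
    return err;                        /* 0 ("verified") for any input */
}

/* Same code under a braces-on-every-conditional rule: the duplicate is
   dead code inside the block and can no longer skip the signature check. */
int verify_braced(const unsigned char *params, size_t len, unsigned int expected) {
    hash_ctx_t ctx = {0};
    int err;
    if ((err = hash_update(&ctx, params, len)) != 0) {
        goto fail;
        goto fail;
    }
    if ((err = verify_signature(&ctx, expected)) != 0) {
        goto fail;
    }
fail:
    return err;
}
```

A compiler flag such as GCC's -Wmisleading-indentation, or a reviewer reading the diff, would flag the unbraced version; the braced version never lets the stray line change which checks run.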