Needed: code auditors
Posted Feb 5, 2004 5:49 UTC (Thu) by jamesm (guest, #2273)
Parent article: Needed: code auditors
While I agree that more needs to be done, I think this article misses good auditing that occurs at several points:
1) When patches are submitted.
2) When other developers need to modify code and walk the codepaths with a fresh/different viewpoint.
3) When new developers start poking around to figure out how things work e.g. the kernelnewbies project has been the source of many, many kernel bugfix patches due to this.
4) When code review happens privately (or semi privately) before upstream submission.
5) Research and commercial projects which methodically look for classes of bugs (e.g. Stanford checker).
Code audit is more than planned, specific, high publicity projects (not to say that these are not useful).
It might be useful to find out more about why Sardonix failed. I'd guess that it was on a social level, rather than a technical one.