reed at unsafeword.org
Mon Jul 8 09:31:03 PDT 2013
On Mon, Jul 8, 2013 at 4:34 AM, Maxim Kammerer <mk at dee.su> wrote:
> On Mon, Jul 8, 2013 at 4:34 AM, Tom Ritter <tom at ritter.vg> wrote:
>> As one of the people on this list who does paid security audits, I
>> both want to, and feel obligated to, weigh in on the topic.
> Thanks for your insight into code review process. Besides perhaps
> insinuating that Veracode didn't do their job properly, I don't see
> how it is in any way relevant to the Cryptocat incident discussed ITT.
> There is absolutely nothing I can learn from this incident.
If it's all old review for you, I hope you will share even more
specific suggestions for others. CryptoCat has been a useful object
lesson, but already there is no shortage of threads for waggling the
finger of shame and personal criticisms. It helps that the discussion
goes to a more general discussion of review approaches and
Tom's was the first message of the thread that was useful to forward
to my own project. Some specific suggestions are now tasks in our bug
More information about the liberationtech