Secure code review methodology

[Noam Eppel <noam () noameppel com>]

The Open Source Security Testing Methodology Manual (OSSTMM) might be similar 
to what you are looking for, but it is broader in scope then just code review.

http://www.isecom.org/projects/osstmm.htm

Noam Eppel
noam () noameppel com
Web Security Consultant

> From: Mark Curphey <mark () curphey com>
> To: Mads Rasmussen <mads () opencs com br>
> CC: "Jeff Williams @ Aspect" 
<jeff.williams () aspectsecurity com>,webappsec () securityfocus com
> Subject: Re: RES: Fail Open Authentication and Parameter Injection
> Date: 25 Mar 2003 13:01:56 -0800
>
> For a long time I have been trying to find people who are experts in
> secure code review to start a secure code review methodology or at least
> add a section in the OWASP testing methodology. There are a few papers
> out there but I haven't seen an open methodology that people could
> provide metrics against or use as a yardstick to judge services. I am
> not even sure how practical it is to be honest.