WebApp Sec mailing list archives
RE: Code Complexity vs. Security
From: "Mark Mcdonald" <m.mcdonald () cgl com au>
Date: Tue, 27 Jul 2004 11:00:48 +0800
Ahh sorry, my bad. I meant maintainability. The theory being that a module with 2 if statements /should/ be easier to folow read than a module with 200. And personally, I think that IOCCC comp is one of the best competitions ever created :) -----Original Message----- From: Michael Silk [mailto:michaels () phg com au] Sent: Tuesday, 27 July 2004 10:53 AM To: Mark Mcdonald; Suha Demir CAN; webappsec () securityfocus com Subject: RE: Code Complexity vs. Security Hi Mark, I don't see that Cyclomatic Complexity will lead to greater readability, readability comes more from appropriate variable names, appropriate variable usage, and comments. Most of the code I read that is difficult to understand/follow is due to extremely weird usage of variable names and just strange general overall design of the application and algorithms, not the physical number of brackets or branches. For example even consider the code from one of the obfuscated c code competition: http://www.au.ioccc.org/2001/coupard.c It doesn't seem to be very Cycolmatically complex, but god help me if I ever had to change something in that code. -- Michael *** DISCLAIMER **** This e-mail and any attachments to it are confidential. If you receive them in error, please tell us immediately and delete them. You must not retain, distribute, disclose or otherwise use any information contained in them. Before opening or using any attachments with this e-mail you should check them for viruses and other defects. The sender does not warrant that they will be free from computer viruses or other defects. *******************
Current thread:
- Re: Code Complexity vs. Security, (continued)
- Re: Code Complexity vs. Security Suha Demir CAN (Jul 25)
- Re: Code Complexity vs. Security athena (Jul 26)
- Re: Code Complexity vs. Security Ed Moyle (Jul 26)
- RE: Code Complexity vs. Security Mark Curphey (Jul 25)
- Re: Code Complexity vs. Security Adam Shostack (Jul 25)
- Re: Code Complexity vs. Security Skip Carter (Jul 26)
- Re: Code Complexity vs. Security Martin Mačok (Jul 28)