Firewall Wizards mailing list archives
Code review/audit and/or version control
From: George Capehart <capegeo () opengroup org>
Date: Mon, 22 Jul 2002 17:26:29 +0800
The comments below were taken from an out-of-band exchange with the moderator after he rejected a comment I made early in the thread on FWTK and smap. The conversation took an interesting twist, and when Paul said:
"I agree, and again- I'd *happily* approve a longer posting. I think the issues are important, and while it's a little off-topic, I don't think it's horribly so."
I thought I'd take him at his word. ;-) The topic got around to the problems of managing code integrity, code reviews, version control, etc. through the complete life cycle of a system. It touched on reintroducing buggy code into the production branch, even knowingly . . . "re-auditing" code, etc. I have included a section of the last message below. Using that as the basis for discussion, I'll take the straw position that code that has been "audited out" of a distribution because of quality or security reasons should not be allowed back in.

< ----- Begin excerpt ----- >
Wow! That's interesting. On a Y2K project, I ran into some code that had been around so long that no one knew where the source was, but I don't think it was that old . . . Incredible. I'm sure that the reason the DBMS was still in use is that it was a robust product. In the case of the Y2K project, no one was willing to take it out of the job stream 'cause no one knew what it did . . . ~<8-}
That's typically how it goes! Back when I could make patches by looking at object code, my threshold for mucking with things was way different than it is now ;)
Well, I don't know about that particular environment, so I can't say. However, for the system I described above, the *absence* of source/version control made even code review impossible . . . excepting, of course the disassembled object. It's been a *looooong* time since I've written assembler for any architecture, much less the System 3xx . . . ;-)
Thank goodness the DBMS job was the last time I did that; after 4.5 years of mostly assembler development, I think I was as happy to leave it as I was when I started it to get the job. I haven't touched PL/1 since 92, and 3x0 assembler since about 93.
For me it is not a zero-sum game between code review and version control. I'm afraid that I might have given that impression. I do understand the need for resurrecting old code. However, I do not understand the need to resurrect code that has known memory leaks, bad
Better the leaks you know than the ones you don't? It's not a *good* reason, but I've seen it done before.
There is another reason that code review is important to me. When a system is initially designed and constructed, the requirements, design and implementation decisions are based on assumptions about the chain of trust and controls that are going to be in place when the system is put into production. Over time, as systems evolve and vulnerability profiles change, those assumptions can become invalid. This means that
That's a very important issue which is overlooked way too frequently for my tastes. It's one of the reasons I preferred to have a good ongoing relationship with my vendors, so I could say "Hey, I'm looking at doing foo, is that going to change this assumption?"
systems that were "secure" when implemented are not any longer. So, for me, whenever a system is modified, one should do a review of the potentially vulnerable parts of the legacy code. So, I'm definitely not saying that code reviews are not important. What I should have been more careful in saying (and admit that this *is* a matter of religion) is that it is my personal opinion that code that has been audited and rejected because of poor quality or because it contains known vulnerabilities should never be allowed back into the production branch. ;-)
< ----- End excerpt ----- >

George Capehart

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
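One way to mechanize the straw position above (rejected code never re-enters the production branch) is to record a content hash of every code unit that was audited out and gate incoming trees against that list. The following is an added example, not code from the original post or from FWTK; it assumes a git-style blob ID so that the denylist entries can be taken straight from the repository's own history, and the denylist, file paths and the "rejected" C snippet are constructed for illustration.

```python
"""Detect re-introduction of code units that were previously audited out.

Added example, not part of the original thread. It assumes (hypothetically)
that a project keeps a denylist of git-style blob IDs for files that were
removed for quality or security reasons, and checks a candidate tree against it.
"""
import hashlib
from typing import Dict, List, Tuple


def git_blob_id(data: bytes) -> str:
    """Return the SHA-1 git assigns to `data` as a blob object.

    git hashes the header "blob <size>\\0" followed by the content, so an ID
    computed here matches `git hash-object` and can be looked up in history.
    """
    header = b"blob %d\0" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def find_reintroduced(tree: Dict[str, bytes],
                      denylist: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (path, blob_id, reason) for each file whose content is denylisted.

    `tree` maps path -> file content (e.g. the tree of an incoming commit).
    `denylist` maps blob_id -> the reason recorded when the code was audited out.
    Matching is by content, not path, so rejected code that comes back under a
    new file name is still caught.
    """
    hits = []
    for path in sorted(tree):
        blob = git_blob_id(tree[path])
        if blob in denylist:
            hits.append((path, blob, denylist[blob]))
    return hits


# Constructed sample: a helper that was audited out, recorded by blob ID.
REJECTED_SRC = (b"char *copy(char *s) { char buf[64]; "
                b"strcpy(buf, s); return strdup(buf); }\n")
DENYLIST = {
    git_blob_id(REJECTED_SRC):
        "audit 2002-07: unbounded strcpy, removed from production branch",
}

# Constructed candidate tree: the same bytes come back under a different path.
CANDIDATE_TREE = {
    "src/main.c": b"int main(void) { return 0; }\n",
    "lib/legacy/util.c": REJECTED_SRC,
}


def check_tree(tree: Dict[str, bytes] = CANDIDATE_TREE,
               denylist: Dict[str, str] = DENYLIST) -> bool:
    """Hook-style gate: True if the tree is clean, False if it resurrects rejected code."""
    hits = find_reintroduced(tree, denylist)
    for path, blob, reason in hits:
        print(f"REJECT {path} ({blob[:12]}): {reason}")
    return not hits


if __name__ == "__main__":
    raise SystemExit(0 if check_tree() else 1)
```

In a real pre-receive hook the tree would be built from `git ls-tree -r` and `git cat-file` on the pushed commit, and the denylist entries would be the blob IDs from the commit that removed the code. Two caveats a practitioner should keep in mind: the match is exact, so it catches accidental resurrection (a revert, a cherry-pick, a copy from an old tarball) but not a deliberately altered copy, which still needs the human review discussed above; and any line-ending or whitespace normalization between checkout and commit changes the blob ID, so record the ID of the bytes as they are actually stored in the repository.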
Current thread:
- Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 22)
- Re: Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 23)
- Re: Code review/audit and/or version control Kevin Steves (Jul 26)
- Re: Code review/audit and/or version control George Capehart (Jul 22)
- Re: Code review/audit and/or version control Joseph S D Yao (Jul 22)