File:2015-02-24-Jim DelGrosso-OWASP Belgium, Why Code Reviews and Pen-Tests Are Not Enough.pdf

Why Code Reviews and Pen-Tests Are Not Enough (by Jim DelGrosso, Cigital)

Code reviews and penetration tests are excellent techniques for finding defects in software. But there is a whole class of defects that they are not good at finding: flaws. Jim will briefly talk about the differences between bugs and flaws, describe a technique to help identify flaws, and talk about the work being done as part of the IEEE Center for Secure Design to help people avoid common flaws.