Code Review Guide History

OWASP Code Review Guide Table of Contents

The Code Review guide is the result of contributing to the Testing Guide. Initially it was thought to place Code review and Testing into the same guide. But code review got too big and evolved into itso own stand alone guide.

The code review guide was started by [User:Eoin Keary] and is currently in its infancy. Eoin was lead of an application security group for a large financial institution and was involved with the code review process for many years. It was found that a proper code review function that is integrated into the software development process /Lifecycle (SDLC) produced remarkably better code from a security standpoint.

"Secure code review is the sign of a mature SDLC and in my view much more sustainable and controllable than the pen and patch model"