[Owasp-ireland] [Owasp-codereview] why code review?

Jeff Williams jeff.williams at owasp.org
Tue Jul 6 13:11:43 EDT 2010


Do you have any links to information about paying developers to introduce
"accidental" security holes into apps?  I'm thinking about starting a
database to track incidents of malicious insider developer abuse.  What do
you think?


-----Original Message-----
From: owasp-codereview-bounces at lists.owasp.org
[mailto:owasp-codereview-bounces at lists.owasp.org] On Behalf Of Daniel
Sent: Tuesday, July 06, 2010 12:27 PM
To: Eoin
Cc: owasp-ireland; Owasp-codereview at lists.owasp.org;
Owasp-Leaders at Lists.Owasp
Subject: Re: [Owasp-codereview] why code review?

On Jul 6, 2010, at 10:44 AM, Eoin wrote:

> Injecting faults in code which cause costly maintenance callouts. A great
> abuse business anti-model!!
> http://www.theregister.co.uk/2010/06/25/spanish_logic_bomb_probe/


I've seen cases where developers had been paid to 'introduce' SQL injection
bugs into code.

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851 
"Moments of sorrow are moments of sobriety"

Owasp-codereview mailing list
Owasp-codereview at lists.owasp.org
