Aleksey Bragin wrote:
'I read this code and it looked clean to me' line means that the committer read the code, and assures all or some parts of the following:
1. The code doesn't match any reverse-engineered rules (as on wiki page regarding Audit)
2. The code is publicly documented
3. The code has nothing to do with reverse engineering (has either completely different implementation from the Windows one - example freeldr vs. ntldr/osloader, or doesn't have any counterpart in Windows at all).
Then why not describe it using one of the above reasons? A note such as 'This code uses MSDN documented functions only' is clear and useful. A note saying 'I read this code and it looked clean to me' isn't and could mean anything.
It gives a good base point for us to start our defence from.
We are not under attack. We are just doing some preventive measures.
I know. I said 'if the cleanliness of the code is ever questioned again'. If that does happen, it could be in the form of an attack from an outside company. Having a better analysis as to why something was unlocked would be advantageous if this situation ever arose.
This was all decided when we originally locked the code, but no one has been following it.
arty, w3seek, me have been following these rules on the possibly dirty code, so please don't speak for everyone.
I don't mean the auditing methods, I mean the lack of useful message. I'm not accusing or judging anyone, I'm just trying to get a better unlocking system in place. As the code we audit gets closer to the borderline of clean and dirty, we're gonna need to ensure we don't leave messages like 'yep, looks ok to me'.
I hope this mail isn't coming across to anyone as argumentative. It's difficult to have a conversation over email without it sounding hostile. It isn't meant that way :)
Ged.