# Monday, July 09, 2007

Ugh.. what a scary feeling. To have your client engage the services of a 3rd party security firm and submit your code over for a code review to see if your code is secure or not.

No offence to those guys, but I guess I'm uneasy for letting someone who's bonus is dictated by how many flaws they find in my code have free reign over it. What would I have to do? Explain in detail why I did all my little hacks, the shortcuts, promise that no external code ever ever ever will run in the component (Just remember.. promising that your code works well is NOT a solution).

I guess the thing that I'm most worried about is, different programmers have different styles and methods of solving a problem. But what if those guys feel that theirs is the best way and then get the client to pressure me to confirm even though my way is just a secure and efficient as theirs?

This is going to be an interesting experience.


Note that you can Post As GUEST as well.
blog comments powered by Disqus