
I know that I'm more likely to find a bug if I know it's there than if I'm just reviewing my own code for the hell of it.


You are highly unlikely to find your own bugs; teams that have invested millions of dollars in training and process (for instance, requiring detailed internal code reviews before signing off on code to ship, and passing static analysis systems) still have gameovers shown to them during third-party pen tests.



