Review by Many Eyes Does Not Always Prevent Buggy Code

171

Writing code is hard. Writing secure code is harder—much harder. And before you get there, you need to think about design and architecture. When you’re writing code to implement security functionality, it’s often based on architectures and designs that have been pored over and examined in detail. They may even reflect standards that have gone through worldwide review processes and are generally considered perfect and unbreakable.*

However good those designs and architectures are, though, there’s something about putting things into actual software that’s, well, special. With the exception of software proven to be mathematically correct,** being able to write software that accurately implements the functionality you’re trying to realize is somewhere between a science and an art. This is no surprise to anyone who’s actually written any software, tried to debug software, or divine software’s correctness by stepping through it; however, it’s not the key point of this article.

Read more at OpenSource.com