Comments on: My Defect Fixing Process http://www.basilv.com/psd/blog/2006/my-defect-fixing-process Wed, 23 Jul 2008 23:02:51 +0000 http://wordpress.org/?v=2.5.1 By: Basil Vandegriend http://www.basilv.com/psd/blog/2006/my-defect-fixing-process#comment-418 Basil Vandegriend Sun, 25 Jun 2006 23:22:39 +0000 http://www.basilv.com/psd/blog/2006/my-defect-fixing-process#comment-418 I agree - looking for other occurances is a very useful thing to do. I did mention this in point #5 "Learn from the defect", but perhaps it should have gone under point #6. I agree - looking for other occurances is a very useful thing to do. I did mention this in point #5 “Learn from the defect”, but perhaps it should have gone under point #6.

]]> By: Mike Totman http://www.basilv.com/psd/blog/2006/my-defect-fixing-process#comment-413 Mike Totman Sun, 25 Jun 2006 21:24:57 +0000 http://www.basilv.com/psd/blog/2006/my-defect-fixing-process#comment-413 One other thing that you could put in point #6 "Act on my learning" : Look for other occurences of that error. If that error is an easily searchable pattern or commonly occurring idiom, search out other cases of similar code and see if they suffer from the same defect. This is the approach the OpenBSD team applies to eradicate whole families of defects which lead to vulnerabilities. e.g. buffer overflows. One other thing that you could put in point #6 “Act on my learning” : Look for other occurences of that error. If that error is an easily searchable pattern or commonly occurring idiom, search out other cases of similar code and see if they suffer from the same defect.

This is the approach the OpenBSD team applies to eradicate whole families of defects which lead to vulnerabilities. e.g. buffer overflows.

]]>