OSEC

From: James Fleming (jamesfleming94588yahoo.com)
Date: Wed Jan 16 2002 - 11:21:07 CST

    Agree that the developer should def not be the person
    testing the security. That's a really bad idea!

    --- derek <djyo.net> wrote:
    >
    > With this, I cannot agree more!
    >
    > the programmer should not be the one testing the software and having the
    > final approval. There must be an "independent" entity/dept/person with the
    > responsibility for annoying the developer about every bug they find.
    >
    > for instance:
    >
    > as a programmer I know exactly how my code should work and I often make
    > allowances while testing to get past one block of code to get to and test
    > another block....thoroughness is an issue.
    >
    > as a programmer I often have a bias as to how I think the app should be
    > presented to the user...the real users may not agree (they often don't).
    >
    > Later,
    > dj
    >
    >
    >
    > Nelson Sampaio Araujo Junior wrote:
    >
    > > You should have different teams for white box testing and black box testing.
    > >
    > > When you know something, unconsciously you use it. If you do black box after
    > > the white box, you'll *not* get a black box. It will be a gray-box, because
    > > you'll tend to think about what you have seen before.
    > >
    > > To clarify this try: black, white and black again. You'll see you will try
    > > things in the first black you'll not be able to figure if you know something
    > > about the system.
    > >
    > > []s
    > > Nelson Junior
    > > nelsonlunenetworks.com.br
    > > nelsonLUNE.com.br
    > >
    > >
    >
    >
