Talk:Code audit

Merge with Code review
I think this article needs to be combined with Code review 20:32, 22 Aug 2008 (UTC)

I agree absolutely. A code audit is just a code review by an external party (perhaps with a greater emphasis on security). 06:19, 20 April 2012 (UTC) — Preceding unsigned comment added by 203.41.222.1 (talk)

"Low-risk vulnerabilities" a bit outdated?
I'm concerned that identifying things like cross-site scripting as low risk is dangerously incorrect. While they don't allow the server code to be attacked directly, they do allow "clients" to attack each other and to, for example, gain administrator privileges, or deface web sites. — Preceding unsigned comment added by 130.216.24.53 (talk) 01:28, 8 August 2012 (UTC)

I agree with the above. Directory traversal too can be very bad. Perhaps we can remove the distinction between high and low risk vulnerabilities altogether? It seems a little unnecessary. 80.7.27.189 (talk) 14:07, 6 September 2013 (UTC)

Remove reference to Defensive Programming
> It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released.

There are several things wrong with this statement: 1. It is not true. 2. Why try to explain what defensive programming is - leave that to the linked article. 3. Defensive programming does not attempt to reduce errors, but mitigate their effects. (In fact defensive programming often increases the number of released bugs by hiding them.)

06:24, 20 April 2012 (UTC) — Preceding unsigned comment added by 203.41.222.1 (talk)

Parasoft Spam
I've just gone to two of the citations linked, and both refer to a page for 'Parasoft' - one of which is behind a pay-wall type affair where you have to sign up to view the document; which appears primarily to be advertising Parasoft products. I'm going to remove the citations as I believe they're both spam - and probably inserted by a member of the company in question. Fmorrow (talk) 08:36, 11 September 2012 (UTC)

Code review
Is a code audit the same as a code review? Where exactly is the difference? --MartinThoma (talk) 14:24, 24 December 2015 (UTC)