Slashdot Mirror


Third Party Code Review?

An Anonymous Coward asks: "It looks like our salesperson is about to land a big contract with a very large US bank; however, there is a large catch in that the bank is demanding that we let them do a full audit on the source code of the software application we are selling them. After the recent rash of identity thefts of credit card and other personal info, they now mandate that all internet-facing applications that store potentially private information have to have a full source code audit. This includes software from third-party vendors such as my company. They want to run our Java code through some software called Fortify (we looked up the price -- around $80,000) and also do a manual analysis of the code. This software is our company's life-blood. We would be ruined if it fell into a competitor's hands. We aren't storing private information about their customers; all of the information can be found on government county auditor web sites. I understand their point of view, but it is a very scary step for us to take. Has anyone else done this, and how did it work out?"

7 of 89 comments

  1. Re:ruined? by iMaple · · Score: 5, Funny

    Better idea. Ruin Fortify.

    Talk to the bank manager, let him know that you wholeheartedly support security audits. Then ridicule him for trusting Fortify, a closed source tool, for such an important audit. Enlighten him about the possible conspiracies involving Fortify, Nigerian scammers, Dick Cheney, ... you get the idea. Then offer to audit the Fortify source code for free. Start a new company in China (they don't have freedom of speech, but neither do they have strong copyright protection) and start selling Fortify+ (or FortifyLight, depending on your marketing strategy). You will be a multi-millionaire soon. Don't stop; claim that the original Fortify stole your source code and sue them (don't care if it's obviously untrue, remember SCO?). And then finally, when you have a few billion dollars in your bank account, GPL the code under GPL 3 and post the news on Slashdot.

    Whew, another success story for the books.

  2. Re:Not too sympathetic. by Saeed+al-Sahaf · · Score: 2, Funny

    Order happy meal first. Big mac later. Good starting point for a haiku. Work on it.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  3. Re:ruined? by LLuthor · · Score: 4, Funny

    I think we have finally solved the infamous 2. ??? puzzle.

    --
    LL
  4. Re:Not too sympathetic. by tinkertim · · Score: 4, Funny

    >> Order happy meal first. Big mac later. Good starting point for a haiku. Work on it.

    Pointless Haiku
    containing big mac
    always ends with
    toilet flushing.

    I doubt that qualifies. But then I don't qualify for much either :) So it fits.

  5. Re:Not too sympathetic. by smallfries · · Score: 4, Funny

    Happy meal first.
    Order a Big Mac later.
    Fries with that?

    My god, it's late and I need to go home

    --
    Slashdot: where don knuth is an idiot because he can't grasp the awesome power of php
  6. Re:ruined? by cerberusss · · Score: 3, Funny

    You forgot an important step.

    At some point in the above-mentioned plot, mostly around the end, you should laugh like a maniac, like "BWA HAH HA HA HA HAAAAAAaaah". For more information, see this entry on Wikipedia

    --
    8 of 13 people found this answer helpful. Did you?
  7. Re:Not too sympathetic. by TheOtherChimeraTwin · · Score: 2, Funny

    Closer, but a Haiku should mention a season.

    Happy Meal first.
    Order a Big Mac later.
    Salted Fries with that?

    See? Salt is a seasoning.