Does anyone have code review guidelines available? The only ones I
can find on the web are a process description for nuclear power
plants, which while interesting, have different requirements than
firewalls. (Reliability above all else, somewhat trusted users, lots
of user interaction)
(A firewall, incidentally, should not be reliable above all else, it
should be secure first. This means that it can fail in odd ways, as
long as it remembers to turn off all the network connections first.
The firewall should be secure first, reliable second. Of course,
reliable is a big part of secure, but its not the only part.)
The guidelines are located at:
"It is seldom that liberty of any kind is lost all at once."