The class project: security code reviews. Divide yourselves into groups of 3, and select some open source package of at least 2KLOC. Email me your group membership and identify the software that you'll be reviewing. Your job is to identify bugs -- especially security bugs -- in the code. This is due Feb 13.
After we do this we'll swap software packages, and after a brief respite your group will do a security review of software that another group had examined. This second review will be due on Mar 8.
The group(s) that finds the most security critical bugs -- I decide how important they are, so not just raw number of bugs -- get (very small) prizes.
email@example.com, last updated