Loading user information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading user information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Hunter Hudson/Jon Pincus - On Spot the Bug and Code Quality

21 minutes, 5 seconds


Right click “Save as…”

  • WMV (WMV Video)
Hunter Hudson, development manager, programmer productivity Research center, and Jon Pincus, senior researcher on Microsoft Research, sit down with Charles Torre to talk about spotting bugs and code quality issues in this three-part interview.


Follow the discussion

  • Oops, something didn't work.

    Getting subscription
    Subscribe to this conversation
  • There is a typo in the line
    var strConnection="Data Source=c:\\auth\\auth.mdb;"
    But a real bug is that when building the SQL query, the user input is not checked, so I could enter my name as "teis' DROP TABLE client": Classic mistake
  • MauritsMaurits AKA Matthew van Eerde
    I have to agree that there is a large difference between the kind of bug that simply stops the app from working (typo in data source parameter) and the kind of bug that allows the app to survive casual testing but which nevertheless leaves a large security hole.  The first kind is much easier to catch, but is much less serious in the larger sense.

Remove this comment

Remove this thread


Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.