[REPOST] Malicious software code review
Way back in the early 2000s I found myself working freelance as a result of the dot com implosion.
I found a gig sub-contracting for a contract a large company in San Diego had acquired from another company. They wanted to build a reliable delivery platform for the cell network. In those days cell data was 2G & 2.5G at best, so this wasn't as easy as you might think.
The division of the large company ran a satellite message platform, and the CTO of that division had no interest in this project, which is how I ended up with it.
Interestingly enough in the dot com implosion I had been let go by a company building a VAN overlay on the internet, a very similar problem. Since the second version of a product is always better I just took the lessons I learned and applied them to this project.
That included heavily relying on this "new thing" called open source software. It took my small team about six months to build and deliver the platform and both the customer and the sales people were very happy with the result. But the CTO of this division was not.
He had turned down the project based on his assumption that it would be a long and arduous task. So he demanded a code review with me and my team. He was very explicit: he wanted to see every line of code in this project, and we were not to leave anything out. He was sure we were somehow faking our results and was going to "get to the bottom" of this, as there was no way we could have delivered in six months.
So we assembled our source into a zip for him. First the code we wrote. Then all the source for the open source libraries we used. Then the source for the libraries those libraries used, and so on recursively until we had everything. We ran all that through a formatter (to make it easier to read) and ended up with about 800MB of source files. Which we sent off to the CTO.
The initial code review date got moved back, and rescheduled for a month later. We sat in the meeting waiting for him, and he arrived about 15 minutes late. He stood in the doorway and looked at us and finally asked his only question - what did we use to pretty print the source.
I started to say we used a script we wrote but he cut me off, said fine and left the room. We ended up doing work for that large company for 10 years and never again were we asked to a code review.
 
                    