← Back to context

Comment by chii

1 year ago

But a malicious actor can hide stuff that would be missed on a general casual inspection.

Most of the methods in https://www.ioccc.org/ would be missed via a casual code inspection, esp. if there weren't any initial suspicion that something is wrong about it.

http://www.underhanded-c.org/ is a c programming contest specifically dealing with programs that hide behaviour 'in plain sight'.

the winners are very much worth a look.

  • ah yea, that was actually what i was thinking of, but mistakenly thought it was the iocccc (tho both has merits).

Yes, but again, that doesn’t apply to the vast majority of code. My point is that saying you can’t know what code does “in general” is not true. We wouldn’t have code reviews if that were the case.