… I frequently see programs given “autonomous” access to data that the programmer isn’t permitted to touch. If you wouldn’t want programmers making life-and-death decisions, you don’t want them codifying those decision-making processes, either.
In the context of the first quoted sentence, the second is false. An independent code review can make the program far more secure than any one of the reviewers would be.
If you mean something like, ‘we don’t have a good decision procedure for this case’, then that’s not a programming problem, it’s a domain knowledge problem.