WebApp Sec mailing list archives

RE: Code Complexity vs. Security


From: "Mark Mcdonald" <m.mcdonald () cgl com au>
Date: Tue, 27 Jul 2004 11:00:48 +0800


Ahh sorry, my bad.  I meant maintainability.  The theory being that a module with 2 if statements /should/ be easier to follow/read than a module with 200.

And personally, I think that IOCCC comp is one of the best competitions ever created :)

-----Original Message-----
From: Michael Silk [mailto:michaels () phg com au] 
Sent: Tuesday, 27 July 2004 10:53 AM
To: Mark Mcdonald; Suha Demir CAN; webappsec () securityfocus com
Subject: RE: Code Complexity vs. Security


Hi Mark,

        I don't see that Cyclomatic Complexity will lead to greater readability; readability comes more from appropriate variable names, appropriate variable usage, and comments.

        Most of the code I read that is difficult to understand/follow is due to extremely weird usage of variable names and just strange general overall design of the application and algorithms, not the physical number of brackets or branches.

        For example, even consider the code from one of the obfuscated C code competitions: 
http://www.au.ioccc.org/2001/coupard.c

        It doesn't seem to be very Cyclomatically complex, but god help me if I ever had to change something in that code.


-- Michael
