-Some categories in the ASVS are easier to check than others. For example
-Section~\ref{sec:v6}. A lot of possible attack vectors were not available just
-because the were not used. In other cases the verdict was an easy fail since
-some components, like input escaping, are just not present.
-%
%TODO
%- Vandaag verdict (puntjes) uploaden (iedereen)!
%- Na morgen heeft iedereen de resultaten van Fortify een keer bekeken
\subsection{On HP Fortify / automated code analysis tools}
\input{reflection.tools.tex}
-\subsection{?}
-(TODO: Mart)
+\subsection{TestCMS code security}
+\input{reflection.testcms_code.tex}
-\subsection{On the code \& streamlining subsequent security audits}
-\input{reflection.code_and_auditing.tex}
+\subsection{On the general development of secure software}
+\input{reflection.secure_development.tex}