This is part 6 of 6 posts on what to look for in a code review. See previous posts from the series.
How much work you put into building a secure, robust system is like anything else on your project - it depends on the project itself, where it’s running, who’s using it, what data it has access to, etc. Often, if our team doesn’t have access to security experts, we go too far in one direction or the other: either we don’t pay enough attention to security issues, or we go through some compliance checklist and try to address everything in some 20-page document filled with potential issues.
As us