This is part 6 of 6 posts on what to look for in a code review. See previous posts from the series.
How much work you do building a secure, robust system is like anything else on your project - it depends upon the project itself, where it’s running, who’s using it, what data it has access to, etc. Often, if our team doesn't have access to security experts, we go too far in one direction or the