It seems that a major security bug is a great way to get code review on your project.
Related Posts
Chekhov's repro: If a line of code is included in a bug report, it should contribute to the debugging somewhere.
It's really satisfying to use a profiler for the first time on a project. I always find a big performance win with only a small code change.
It's never the code that I expected to be slow, however!
I'm a fan of the Software Unscripted podcast, and I particularly enjoyed this recent episode about CrowdStrike and security culture: https://www.youtube.com/watch?v=rzjaZssBEiI
The guest (Kelly Shortridge) compares attackers to lawyers trying to find loopholes. This is such a great analogy.