This paper presents and assesses the different techniques for the code quality and security evaluation that a 'receptor' (recipient organization) of externally developed software can apply to determine the intrinsic (technical) quality and security of the delivered software.
Capabilities (technical, tools and process) that can be implemented are analyzed, taking into account the restrictions that are often imposed to quality and security teams, and myths, gaps and inefficiencies in the acceptance phase ('black box' syndrome).
The paper concludes with a roadmap that the recipients can apply to improve those capabilities and detect as soon as possible quality problems and security vulnerabilities before transition to production and maintenance of the delivered system stages.
We need to know a little bit about you. Make sure you give us a valid email: we’ll send you this awesome content to your inbox.