
The Test Manager will ensure a code review is performed before the application is released.


Overview

Finding ID: V-16829
Version: APP5080
Rule ID: SV-17829r1_rule
IA Controls: DCSQ-1
Severity: Medium
Description
Code reviews should be done prior to an application release. Code reviews can be done any time during the software development lifecycle, but it is important to perform code reviews with code that will be released as part of the application.
STIG: Application Security and Development Checklist
Date: 2013-07-16

Details

Check Text ( C-17828r1_chk )
Ask the application representative to provide evidence of code reviews.

If the application is a COTS/GOTS product, or is composed only of COTS/GOTS products with no custom code, this check does not apply, unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor, in which case this check is applicable.

1) If code is not being reviewed or only some application components are being reviewed, it is a finding.

2) If the code reviews indicate hard-coded IPv4 or IPv6 addresses, it is a finding.
Fix Text (F-17146r1_fix)
Perform manual code reviews or use automated code review tools.