Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16830 | APP5090 | SV-17830r1_rule | DCSQ-1 | Medium |
Description |
---|
If flaws are not tracked they may possibly be forgotten to be included in a release. Tracking flaws in the configuration management repository will help identify code elements to be changed, as well as the requested change. |
STIG | Date |
---|---|
Application Security and Development Checklist | 2014-04-03 |
Check Text ( C-17829r1_chk ) |
---|
Ask the application representative to demonstrate that the configuration management repository captures flaws in the code review process. The configuration management repository may consist of a separate application for capturing code defects. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor in which case this check is applicable. 1) If there is no configuration management repository or the code review flaws are not captured in the configuration management repository, it is a finding. |
Fix Text (F-17147r1_fix) |
---|
Track flaws found during a code review. |