CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

 Code Review and Testing 
One of the most critical components of a software testing program is conducting code
review and testing. These procedures provide third-party reviews of the work performed by
developers before moving code into a production environment. Code reviews and tests may
discover security, performance, or reliability flaws in applications before they go live and
negatively impact business operations.
 Code Review 
Code review is the foundation of software assessment programs. During a code review,
also known as a “peer review,” developers other than the one who wrote the code review it
for defects. Code reviews may result in approval of an application’s move into a production
environment, or they may send the code back to the original developer with
recommendations for rework of issues detected during the review.
Code review takes many different forms and varies in formality from organization to 
organization. The most formal code review processes, known as Fagan inspections, follow 
a rigorous review and testing process with six steps: 
1. Planning
2. Overview
3. Preparation
4. Inspection
5. Rework
6. Follow-up
An overview of the Fagan inspection appears in Figure 15.9. Each of these steps has
well-defined entry and exit criteria that must be met before the process may formally
transition from one stage to the next.
The Fagan inspection level of formality is normally found only in highly restrictive
environments where code flaws may have catastrophic impact. Most organizations use less
rigorous processes using code peer review measures that include the following:

- Developers walking through their code in a meeting with one or more other team
  members
- A senior developer performing manual code review and signing off on all code before
  moving to production
- Use of automated review tools to detect common application flaws before moving to
  production
Figure 15.9 Fagan inspections follow a rigid formal process, with defined entry and
exit criteria that must be met before transitioning between stages.
[Figure: Planning, Overview, Preparation, Inspection, Rework, Follow Up]
Each organization should adopt a code review process that suits its business
requirements and software development culture.
