London software testing news UK

Testing that outsourced software development is secure

Posted in Software testing by testing in London on April 28, 2008

From IT Director

According to Ounce Labs, the following are some best practices that organisations should follow when outsourcing software code development:

  • Define upfront what is meant by security, including the security environment in which the application is to be used and what other resources could be exposed by a security vulnerability, and include that definition in the contract
  • Validate the security mechanisms to be used upfront and set requirements for their use
  • Ensure that the third party is using software coding best practices and that they are documented and validated
  • Demand proof of the level of training, skills and security awareness among the third party’s development staff
  • Ensure that expectations are laid out in the service-level agreement, including milestones and deliverables
  • Define acceptance criteria for the security of applications delivered
  • Provide a list of the most critical flaws that are deemed unacceptable
  • Mandate measures for certifying that code is secure, including the use of automated testing tools
  • Define steps required in the audit process and ensure that all code is audited and certified before payment is made
  • Ensure that the right to audit code and perform security checks is written into the contract
  • Define processes for remediation by the third party and ensure that responsibility for bearing the costs of remediation or legal liability, even after the application has been delivered, is written into the contract
  • Specify in the contract that security checks and monitoring will be continued throughout the lifecycle of that application and lay out the third party’s responsibility for fixing flaws found at a later date.
