Page 1401 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
specific tasks for various teams and lays out initial timelines for the
completion of coding milestones.
After the design team completes the formal design documents, a
review meeting with the stakeholders should be held to ensure that
everyone is in agreement that the process is still on track for the
successful development of a system with the desired functionality.
Code Review Walk-Through
Once the stakeholders have given the software design their blessing,
it’s time for the software developers to start writing code. Project
managers should schedule several code review walk-through meetings
at various milestones throughout the coding process. These technical
meetings usually involve only development personnel, who sit down
with a copy of the code for a specific module and walk through it,
looking for problems in logical flow or other design/security flaws. The
meetings play an instrumental role in ensuring that the code produced
by the various development teams performs according to specification.
User Acceptance Testing
After many code reviews and a lot of long nights, there will come a
point at which a developer puts in that final semicolon and declares
the system complete. As any seasoned software engineer knows, the
system is never complete. Now it’s time to begin the user acceptance
testing phase. Most organizations perform the initial system
tests using development personnel to seek out any obvious errors. As
the testing progresses, developers and actual users validate the system
against predefined scenarios that model common and unusual user
activities.
Once this phase is complete, the code may move to deployment. As
with any critical development process, it’s important that you
maintain a copy of the written test plan and test results for future
review.
Maintenance and Change Management
Once a system is operational, a variety of maintenance tasks are

