Testing and Documentation

One of the most neglected areas of software development security policy is testing and documentation. Both are important components of software development, and both have security implications. A comprehensive testing plan can help find a number of problems before they go into production, and proper documentation helps testers understand what is being tested. Therefore, these policies should start with the requirement for testing and documentation. A simple statement can say:

All custom development shall be tested and documented before being installed into the production environment.

It is important to note that this statement is establishing the requirement, not the type of testing or ...
