Best practices checklist
Modern software applications contain many complexities that challenge testing requirements and security teams. A variety of elements, including custom/proprietary code, open source components, and application configuration, pose challenges for independent verification and validation (IV&V) and audit and testing teams.
The complexity and high-stakes nature of U.S. Department of Defense requirements and key performance parameters magnify these challenges.
A clear understanding of software weaknesses and shortcomings is crucial. Arming auditors and testers with proven application security tools integrated into their test regimes and processes will reduce the time and effort needed to address risks attributable to exploitable software.