Adventures in the programming jungle

Note: This notes were strongly inspired by the following books: CSSLP Certification All in one and Official (ISC)2 Guide to the CSSLP CBK, Second Edition

Software acceptance is the life cycle process of officially or formally accepting new or modified software components, which when integrated form the information system.

Pre-Release activities:

• completion criteria – are all the functional and security requirements completed as expected.
• change management – is there a process in place to handle change requests.
• approval to deploy/release – have all of the required authorities sign off.
• risk acceptance and exception policy – is the residual risk acceptable or tracked as an exception.
• documentation – are all the necessary documentation in place.

Post-Release activities:

• validation & verification (V&V) – Validation means that the software meets the specified user requirements.  Verification describes proper software construction. V&V is not an ad hoc process but it is a very structured and systematic approach to evaluate the software technical functionality. The evaluation can be divided in two main activities:
  • reviews
    • design (review).
    • code (review).
  • testing
    • error detection (tests).
    • acceptance (tests).
    • independent third party (tests).
• certification and accreditation – Certification is the technical verification of the software functional and assurance level. Accreditation is management’s formal acceptance of the system after an understanding of the risks to that system.