A security analyst has been asked to perform a review of an organization's software development lifecycle.
The analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical feedback on another developer's code.
Which of the following assessment techniques is BEST described in the analyst's report?
A. Architecture evaluation
B. Baseline reporting
C. Whitebox testing
D. Peer review
The assessment technique described in the analyst's report is peer review (option D).
Peer review is a type of code review in which developers evaluate and provide feedback on each other's code. The main goal of peer review is to identify defects, including security flaws, early in the software development lifecycle, before they become more expensive and difficult to fix.
Peer review can take different forms, such as pair programming (review happening in real time as the code is written), code walkthroughs, and formal code inspections. In all cases, the focus is on having a developer read and critique the code of another developer, looking for defects, identifying areas for improvement, and suggesting changes. The lifecycle the analyst reviewed lacks exactly this phase.
Architecture evaluation (option A) is a different type of assessment that focuses on the overall design of a system or application, rather than on specific lines of code. Architecture evaluation is typically performed by experienced architects and aims to identify potential architectural flaws that could impact the system's security, performance, or scalability.
Baseline reporting (option B) refers to the process of establishing a baseline, or reference point, for a system's configuration, performance, or security posture. Baseline reporting can be used to track changes over time and identify deviations from the expected baseline, which could indicate security incidents or other issues. It measures the state of a system, not the quality of a developer's code.
Whitebox testing (option C) is a type of testing that is performed with full knowledge of an application's or system's internal workings, including its source code. Whitebox testing is often performed by developers and includes techniques such as unit testing and integration testing. Although both whitebox testing and peer review make use of the source code, whitebox testing exercises the code by executing test cases against it, whereas peer review is a human reading of the code; the scenario describes the latter.
In summary, the assessment technique in which developers evaluate and provide critical feedback on another developer's code is peer review.