CUI

Documentation - V-222648

V-222648

Application Security and Development Security Technical Implementation Guide

CAT II

Title

An application code review must be performed on the application.

Description

A code review is a systematic evaluation of computer source code conducted to identify and remediate security flaws in the software. This requirement is meant to apply to developers or organizations that do application development work and are responsible for maintaining the application source code. Examples of security flaws include but are not limited to:

- format string exploits
- memory leaks
- buffer overflows
- race conditions
- ...

Fix Text (Documentation Requirement)

Conduct and document code reviews on the application during development and identify and remediate all known and potential security vulnerabilities prior to releasing the application.
