|

 
|
| | Name : | Carol Coggins | Organization : | Systest | Post Date : | 9/30/2005 |
| Comment : | Items missing:
In meetings of the NASED Technical Committee we discussed issuance of a clarification bulletin that addressed some of the issues encountered in the interpretation of the code review standards, specifically the application of the term module in various requirements and the broader security requirements in the VSS that permit the labs to interpret some coding practices as insecure. The problem is these practices are not explicitly identified and that leads to inconsistent application. An example is the hard coded password.
[Statements submitted at EAC public hearing, June 30, 2005, New York] | |
|
|