Code signing – applies a digital signature to code to ensure its integrity and non-repudiation of the creator. It contains a seal used to detect alterations of the code. It also includes a unique identifier to indicate the classification and purpose of the code. While this is a good practice, it does not guarantee safety or security. It provides authentication of the publisher and integrity of the product and its intentions. Signed code can still contain exploits and security flaws.
Regression testing – testing software functions based on prior test scenarios to ensure that a change has not negatively impacted the software.
Acceptance testing – testing the application to ensure it satisfies all customer requirements.
Software assurance for acquired applications – think of a COTS system: its security must be tested and ensured. The assurance process consists of the following phases:
- Planning – creating requirements, acquisition plan/strategy, and evaluation plan.
- Contracting – request for proposal, evaluation of proposals, finalizing contract negotiations, and awarding the contract.
- Monitoring/Acceptance – creating and approving the work schedule, creating change and configuration control processes, and reviewing/accepting software deliverables.
- Follow-on (or sustainment) – includes risk management activities, case management assurance, change management, and disposal/decommissioning.