|
| |
-
Software Change Management
Modern software change management systems used by major corporations usually
incorporate automated world-wide distribution (replication) of all
source code. This allows developers to be working on the code on an
almost 24/7 basis around the world. Great for productivity.
An improved security model would be based on a "Trusted Repository"
approach. A centrally located (properly secured, with backup
protection) repository would contain all source code arranged in modules and
subsystems. Object code for each module and subsystem would be
available for use as needed by all developers. Individual developers
would only be allowed to access and modify (check in/out) the source code
for the specific module(s) for which they were responsible. Local
"builds" of the modified code for testing purposes would be accomplished by
linking with any required objects replicated to the local system from the
trusted repository. Work-flow tools would greatly improve the security
as well as the efficiency of the development process (Roles and Pools).
-
Testing
Complete path coverage analysis should be required and documented for the
aggregate module/subsystem/system levels. Certification of completion
is by the test team leader.
-
Concordance reviews
A review of the concordance of words in a new module, and a review of words
added to an existing module should be performed. Certification of
completion is by the development team leader.
-
Final build for release
The release process should include a review of all changes made to the code
by a three to five person randomly selected review team. The team
should be led by a software expert at the V.P. level who concludes the
review by certifying the trustworthiness of the modifications. Each
line of modified code (identified by the change management system) should be
displayed along with two to three preceding and succeeding lines. The
review team would have access to all completion documents. For highly
complex or new code modules the development team and test team leaders
should be available to answer questions.
|
