This repository was archived by the owner on Apr 3, 2025. It is now read-only.
19 changes: 17 additions & 2 deletions control-16/control-16.12.rst
@@ -1,6 +1,6 @@
16.12: Implement Code-Level Security Checks
=========================================================
Apply static and dynamic analysis tools within the application life cycle to verify that secure coding practices are being followed.
Apply static, dynamic, or interactive analysis tools within the application life cycle to verify that secure coding practices are being followed.

.. list-table::
:header-rows: 1
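
Review bot: The revised description line replaces "static and dynamic" with "static, dynamic, or interactive", and the "or" changes the requirement from applying both kinds of tool to applying any one of three. If interactive analysis is meant as an additional option next to the existing pair, reword the sentence so it does not read as making static analysis optional; if the weaker reading is intended, state that in the change description. The measures and metrics added later in this diff report each tool type separately, with no combined measure, so an assessor cannot tell from them which combination satisfies the safeguard.
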
@@ -31,14 +31,19 @@ Operations
#. For each software identified in Operation 1, determine if it is verified by a dynamic tool identified in Operation 4
#. Identify and enumerate software verified by a dynamic tool (M4)
#. Identify and enumerate software not verified by a dynamic tool (M5)

#. Use Input 1 :code:`GV5` to identify interactive analysis tools
#. For each software identified in Operation 1, determine if it is verified by an interactive tool identified in Operation 6
#. Identify and enumerate software verified by an interactive tool (M6)
#. Identify and enumerate software not verified by an interactive tool (M7)
Measures
--------
* M1 = Count of in-house developed software
* M2 = Count of in-house developed software verified by a static analysis tool
* M3 = Count of in-house developed software not verified by a static analysis tool
* M4 = Count of in-house developed software verified by a dynamic analysis tool
* M5 = Count of in-house developed software not verified by a dynamic analysis tool
* M6 = Count of in-house developed software verified by an interactive analysis tool
* M7 = Count of in-house developed software not verified by an interactive analysis tool

Metrics
-------
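
Review bot: In the Operations list, the last added item ("Identify and enumerate software not verified by an interactive tool (M7)") is followed directly by the "Measures" title with no blank line between them as the hunk is shown here; reStructuredText expects a blank line between a list and a following section title, so restore the blank line before "Measures". Separately, the new first step reads interactive analysis tools from Input 1 GV5, and no hunk in this diff touches the Inputs section, so check that the GV5 description there covers interactive tools as well as static and dynamic ones.
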
@@ -63,6 +68,16 @@ Dynamic Analysis Tool Coverage
* - **Calculation**
- :code:`M4 / M1`

Interactive Analysis Tool Coverage
^^^^^^^^^^^^^^^^
.. list-table::

* - **Metric**
- | The percentage of in-house developed software verified by an
| interactive analysis tool
* - **Calculation**
- :code:`M6 / M1`

.. history
.. authors
.. license
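
Review bot: The line of carets under the new "Interactive Analysis Tool Coverage" title is shorter than the 34-character title text; reStructuredText requires a title underline at least as long as the title, and docutils reports "Title underline too short" otherwise. Extend the underline to the full length of the title so the new subsection renders at the same level as "Dynamic Analysis Tool Coverage".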