Software Management

The Software Management subgroup of the SSWG is developing guidelines for software management practice at UC Davis. This includes software repositories, documentation, application security, change control, testing, deployment, etc.

Subgroup Membership

  • Curtis Bray
  • Adam Getchell
  • David Walker

Applicable Policy

  • IS-10 Systems Development and Maintenance Standards
    • The following sections have applicability:
      • 2.11 Programming and Unit Testing
      • 2.14 Documentation Standards, particularly the Systems Manual
      • Chapter 4: Change Management and Maintenance Standards
    • The current version of IS-10 is nearly 10 years old.  The information in it, particularly examples, is dated.  Nevertheless, it still provides good information.
  • IS-3 Electronic Information Security
    • Section III.B describes security objectives and the need for risk assessment to determine the importance of these objectives.
    • Sections III.C.2.c.iv-v describe requirements for patch management and software development, depending on the risk assessment.
    • Section III.C.2.e describes requirements for change management, again depending on assessed risk.
    • The code itself is a University asset with associated risks.  Therefore, all sections of IS-3 may apply.
  • UC Davis Security Standards
    • Section I.16 "Web Application Security" states "Web applications developed or acquired by campus units must support secure coding practices. Web applications must mitigate the vulnerabilities described within the OWASP Top Ten Critical Web Application Security Vulnerabilities."

Examples