Software Management
The Software Management subgroup of the SSWG is developing guidelines for software management practice at UC Davis. This includes software repositories, documentation, application security, change control, testing, deployment, etc.
Subgroup Membership
Curtis Bray
Adam Getchell
David Walker
Applicable Policy
IS-10 Systems Development and Maintenance Standards
The following sections have applicability:
2.11 Programming and Unit Testing
2.14 Documentation Standards, particularly the Systems Manual
Chapter 4: Change Management and Maintenance Standards
The current version of IS-10 is nearly 10 years old. The information in it, particularly examples, is dated. Nevertheless, it still provides good information.
IS-3 Electronic Information Security
Section III.B describes security objectives and the need for risk assessment to determine the importance of these objectives.
Sections III.C.2.c.iv-v describe requirements for patch management and software development, depending on the risk assessment.
Section III.C.2.e describes requirements for change management, again depending on assessed risk.
The code itself is a University asset with associated risks. Therefore, all sections of IS-3 may apply.
Section I.16 "Web Application Security" states "Web applications developed or acquired by campus units must support secure coding practices. Web applications must mitigate the vulnerabilities described within the OWASP Top Ten Critical Web Application Security Vulnerabilities."
Examples
IET - AD - Sampling of processes/documentation
- General SDLC process used on medium/large projects
- When and how Jira is used within IET-AD
- Detailed guide for daily usage of Jira
- Checklist of items that should be addressed in each project
- How to make your web app almost 100% ADA Section 508 compliant
- Standard license for source code