CISSP · Question #785
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
The correct answer is B. Perform overlapping code reviews by both parties.. When third-party developers are involved, Quality Assurance is best achieved through overlapping code reviews by both parties, ensuring mutual accountability and technical validation of the software being produced.
Question
When using third-party software developers, which of the following is the MOST effective method of providing software development Quality Assurance (QA)?
Options
- ARetain intellectual property rights through contractual wording.
- BPerform overlapping code reviews by both parties.
- CVerify that the contractors attend development planning meetings.
- DCreate a separate contractor development environment.
How the community answered
(41 responses)- A7% (3)
- B80% (33)
- C10% (4)
- D2% (1)
Why each option
When third-party developers are involved, Quality Assurance is best achieved through overlapping code reviews by both parties, ensuring mutual accountability and technical validation of the software being produced.
Retaining intellectual property rights is a legal and contractual protection measure, not a technical QA process that validates the quality or correctness of the software code.
Overlapping code reviews by both the client and the third-party developer create a collaborative QA process where defects, security vulnerabilities, and deviations from requirements are caught from multiple perspectives. This dual-review approach directly addresses software quality by technically examining the code itself rather than relying on administrative or environmental controls. It also ensures transparency and shared responsibility for the final product's integrity.
Having contractors attend development planning meetings ensures alignment on requirements and goals, but does not directly verify the quality of the code or software artifacts being produced.
Creating a separate contractor development environment addresses security isolation and access control concerns, but does not constitute a QA mechanism for validating software quality.
Concept tested: Third-party software development quality assurance controls
Source: https://www.nist.gov/publications/software-assurance-reference-dataset
Topics
Community Discussion
No community discussion yet for this question.