Question APPL-14
Do you have software testing processes (dynamic or static) that are established and followed?
Weight | 25 |
High Risk | Yes |
Required | Yes |
Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
State your plans to implement software testing processes into your environment.
Answering "YES"
Describe your testing processes, including, but not limited to, the development of test plans, the personnel involved in the testing process, and the authorized individual accountable for approval and certification of test results.
Reason for Question
Code analysis (prior to implementation) can decrease the number of vulnerabilities within a system. Depending on the insight a vendor has into their code, code testing should be expected.
Follow-Up Inquiries
If software testing processes are not established and followed, point the vendor to OWASP's Testing Guide at https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents