Organisations that take advantage of third party application and component development services have a range of on-going challenges that need to be managed when accepting and subsequently incorporating a foreign code base, as part of the supply chain, into their solution or delivery.
One is being able to qualify autonomously that the delivery matches the initial requirements and the correct level of testing has been conducted, the second is that compliance, standards and process have been adhered to. The third is the ability to accurately identify third party slippage and risk. The forth is how to dynamically monitor the impact of introduced feature changes and new security vulnerabilities that may appear during the projects lifecycle.
Similarly, many organisations outsource the testing function of applications to Third Parties without a process in place to manage and identifying the quality and level of testing coverage being both completed and conducted. Automation and CI may provide high levels of testing reports, however, it is easy to show testing completeness on selected code or continuously run the same tests to show a level of activity.
From a Third-Party perspective, being able to supply accurate, supportive data can often take significant resources to complete in a timely manner. In a competitive market, being able to provide testing metrics to prove that the correct level of rigor has been applied, security vulnerabilities and compliance have been consistently adhered to and that an accurate Bill of Materials has been supplied. In addition, being able to demonstrate that tools capabilities are understood and are being used in the correct configuration can offer key differentiators when in the bid process.
With many relationships breaking down early, often due to the last 10% of an application always being the truly complex and time consuming part, SDC has created a range of integrated solutions that help organisations identify and visualise the whole delivery
SDC Systems Application Risk and Vulnerability Lab offers a range of configured Supply Chain Management solutions that can be Managed in an independent arbitrational manner, incorporated into a contractual delivery as an audit service or set up as an on-premise or SaaS delivery.
Find out more…
For more information on how the analysis tools available from SDC Systems can help with managing third party or other foreign code entering the software development process please complete the form below.