PW.8.2: Scope the testing, design the tests, perform the testing, and document the results, including recording and triaging all discovered issues and recommended remediations in the development team’s workflow or issue tracking system.
Example 1: Perform robust functional testing of security features.
Example 2: Integrate dynamic vulnerability testing into the project’s automated test suite.
Example 3: Incorporate tests for previously reported vulnerabilities into the project’s test suite to ensure that errors are not reintroduced.
Example 4: Take into consideration the infrastructures and technology stacks that the software will be used with in production when developing test plans.
Example 5: Use fuzz testing tools to find issues with input handling.
Example 6: If resources are available, use penetration testing to simulate how an attacker might attempt to compromise the software in high-risk scenarios.
Example 7: Identify and record the root causes of discovered issues.
Example 8: Document lessons learned from code testing in a wiki that developers can access and search.
Example 9: Use source code, design records, and other resources when developing test plans.
CMMI Maturity
Description
Scope the testing, design the tests, perform the testing, and document the results, including recording and triaging all discovered issues and recommended remediations in the development team’s workflow or issue tracking system.