Framework capability areas

Quality Control

Area Overview

Quality Control in the realm of product development is a critical discipline focused on maintaining and enhancing the integrity, reliability, and performance of the product. It's not just about finding defects or issues; it's about ensuring that the product meets the highest standards of quality from every angle. This crucial phase acts as a gatekeeper, rigorously testing and scrutinizing every component of the product to ensure that it not only meets the predefined standards and expectations but also surpasses them.

These capabilities are pivotal in identifying any discrepancies, weaknesses, or potential improvements in the product before it reaches the end-user. By implementing a robust Quality Control process, organizations can avoid costly recalls, maintain customer trust, and uphold their reputation in the market. It's a proactive commitment to excellence, ensuring that the final product is not just good but exceptional.

Benefits

  • Enhanced Product Performance and Reliability: Regular and thorough quality checks ensure that every aspect of the product is functioning optimally, enhancing overall performance and reliability.
  • Customer Satisfaction and Loyalty: Delivering products that consistently meet or exceed customer expectations fosters trust and loyalty, reinforcing the brand's reputation for quality.
  • Reduction in Post-Release Issues: Identifying and rectifying issues during the Quality Control phase significantly reduces the incidence of bugs and issues post-release, minimizing the need for patches and updates.
  • Cost Efficiency: Early detection and correction of defects or quality issues prevent costly fixes post-deployment and reduce the risk of warranty claims and returns.

Component Security Testing [PSCF‑QC‑CST]

The capability to analyse products for security issues in source code and included libraries

Capability Overview

Component Security Testing is vital in ensuring that the individual components within a software system are secure. In the modern development ecosystem, where applications are often built by assembling various components like libraries, frameworks, and modules, the security of each component is crucial. Vulnerabilities in any single component can compromise the entire system, making it essential to thoroughly test each one for security issues.

Compliance Requirement

Regulation or Standard    Required
GDPR                      N
OWASP SAMM                Y
NIST SSDF                 Y

Accountability

Organisational Lead    Product Lead    Technical Lead
Y

Responsibility

Leadership    Product    Development    Operations
YY

Exploratory Security Testing [PSCF‑QC‑EST]

The capability to analyse products for security issues in running systems

Capability Overview

Exploratory Security Testing is an approach that combines security testing with explorative, often manual, techniques. This type of testing is crucial because it allows testers to uncover vulnerabilities that automated tools might miss, providing a more comprehensive understanding of a system's security posture.

Often known as penetration testing, this approach has testers actively engage with the software, trying out different scenarios and using their expertise and creativity to identify potential security issues. This method is particularly effective in finding complex security vulnerabilities that require a human touch, such as business logic errors or sophisticated attack vectors.

Compliance Requirement

Regulation or Standard    Required
GDPR                      Y
OWASP SAMM                Y
NIST SSDF                 Y

Accountability

Organisational Lead    Product Lead    Technical Lead
Y

Responsibility

Leadership    Product    Development    Operations
YY

Security Defect Management [PSCF‑QC‑SDM]

The capability to evaluate findings from security checks through to resolution

Capability Overview

Security Defect Management is a critical process in the software development lifecycle. It involves the identification, prioritization, and remediation of security-related defects in software products. Effective management of security defects is essential to mitigate risks and maintain the integrity of the software.

It is more than just fixing bugs; it's about understanding the impact of those bugs on the overall security of the product and ensuring they are addressed appropriately. This process involves triaging reported security issues, prioritizing them based on severity and impact, and systematically resolving them.

Compliance Requirement

Regulation or Standard    Required
GDPR                      N
OWASP SAMM                Y
NIST SSDF                 Y

Accountability

Organisational Lead    Product Lead    Technical Lead
Y

Responsibility

Leadership    Product    Development    Operations
YYY