Code Review

The VA Office of Information Security (OIS) Software Assurance (SwA) Program Office assists VA Application Developers with secure code review processes. Secure code reviews of VA enterprise applications are conducted during development and when a determination is made that an application is high-risk and high-priority application. Secure code reviews conducted during development are performed both during component testing and during Assessment and Authorization (A&A) processes. Secure code reviews performed by the VA SwA Program Office are performed in cases where the VA Certification Program Office (CPO) and the VA Network Security Operations Center (NSOC) have determined that an application warrants independent analysis.

The OIS SwA Program Office Support Site: