SA-11(04) Manual Code Reviews
Require the developer of the system, system component, or system service to perform a manual code review of sa-11.04_odp.01 using the following processes, procedures, and/or techniques: sa-11.04_odp.02.
|sa-11.04_odp.02||processes, procedures, and/or techniques|
Manual code reviews are usually reserved for the critical software and firmware components of systems. Manual code reviews are effective at identifying weaknesses that require knowledge of the application’s requirements or context that, in most cases, is unavailable to automated analytic tools and techniques, such as static and dynamic analysis. The benefits of manual code review include the ability to verify access control matrices against application controls and review detailed aspects of cryptographic implementations and controls.