this post was submitted on 16 May 2024
19 points (100.0% liked)

Programming

13362 readers
1 users here now

All things programming and coding related. Subcommunity of Technology.

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
19
How to conduct a software audit? (lemmy.pe1uca.dev)
submitted 5 months ago by [email protected] to c/[email protected]
2 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.pe1uca.dev/post/1137911

I need to help auditing a project from another team.
I got the pointers on what's expected to be checked, but I don't have like templates for documents for what's expected from an audit report which also means I'm not sure what's the usual process to conduct an internal audit.
I mean I might as well read the whole repo, but maybe that's too much?

Any help or pointers on what I need to investigate to get started would be great!

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 8 points 5 months ago (1 children)

I got the pointers on what's expected to be checked...

If it's really an audit, it should come with specific questions that you need to provide answers to (or at least the best evidence you can find.)

If someone is both calling this an audit, and using light terms like "pointers", you're maybe being framed for a crime that's happening, or something. Probably not that extreme, but they don't sound like an ally.

I mean I might as well read the whole repo, but maybe that's too much?

You can stop reading when you find the answers to the requested questions. On the first one you do you'll read everything more than once. On future audits you'll know where to look and it'll go much quicker.

[โ€“] [email protected] 3 points 5 months ago

You can stop reading when you find the answers to the requested questions.

Eh no not necessarily. This depends on the type of audit and the questions specifically, but should never be a default stance if you want to provide a full report. Moreover, if you are learning to do software audits, it would be beneficial to check everything because experience is key to know what you are looking for