Certified Information Systems Security Professional (CISSP) — Question 167
Who is the BEST person to review developed application code to ensure it has been tested and verified?
Answer options
- A. A developer who knows what is expected of the application, but not the same one who developed it.
- B. A member of quality assurance (QA) should review the developer’s code.
- C. A developer who understands the application requirements document, and who also developed the code.
- D. The manager should review the developer’s application code.
Correct answer: A
Explanation
The correct answer is A because an independent developer can provide an unbiased review of the code, ensuring that it meets the application’s expectations. Option B is weaker: a QA member can review code, but may lack the specific insights that come from a developer familiar with the application’s expectations. Option C introduces bias, because the developer who wrote the code may overlook issues in it. Option D is not ideal because managers typically do not have the technical expertise required for a thorough code review.