Tool Deployment Model

Deploying code review tools to developers helps the throughput of a code review team by helping to identify and hopefully remove most of the common and simple coding mistakes prior to a security consultant viewing the code.

This methodology improves developer knowledge and also the security consultant can spend time looking for more abstract vulnerabilities.

Developer adoption model * Deploy automated tools to developers * Control tool rule base * Security review results and probe a little further.

Testing Department model * Test department includes automated review in functional test. * Security review results and probe a little further.
 * Tool rule base is controlled by the security department and complies with internal secure application development policies.

Application security group model * All code goes through application security group * Group use manual and automated solutions