Tool Deployment Model
Deploying code review tools to developers improves the throughput of a code review team: the tools identify, and ideally let developers remove, most of the common and simple coding mistakes before a security consultant views the code.
This approach improves developer knowledge and frees the security consultant to spend time looking for more abstract vulnerabilities.
Developer adoption model
* Deploy automated tools to developers.
* Control the tool rule base.
* Security reviews the results and probes a little further.
Testing Department model
* The test department includes automated review in functional testing.
* Security reviews the results and probes a little further.
* The tool rule base is controlled by the security department and complies with internal secure application development policies.
Application security group model
* All code goes through the application security group.
* The group uses manual and automated solutions.