Re: Source code monitoring for a large development group

I worked as a contractor for a large cross-ocean development company. They were using case tools (teamwork) as well as a strong version control/build management tool (clearcase). In order to make the developement process as clean as possible, it was seprated in 4 independant teams: Analysts, q&a, C developers and config management.

Analysts are responsible for the analysis as well as code review. q&a is responsible for pre release tests. C developers are developping.
Config management team are maintaining the version control system as well as the build system. They are also responsible in reviewing the changes made to the sources and makefiles.

Craig Minton wrote:

> How does on monitor source code in an organization with hundreds of developers? We are trying to focus on writing more secure code, but with hundreds of developers and sometimes contractors, how do you really know that backdoors or easter eggs were not hidden? Code reviews are good, but it still does not give one good assurance that other code is not being slipped in. Also, forcing all developers to use the same version control and requiring that the code be built from that version control should help insure that only the code in version control goes to production. It is at this point where searching the code become necessary, but it is also very laborious. Any ideas would be greatly appreciated.
Received on Wed Nov 27 17:50:54 2002