document. However, standardized, yet flexible, coding standards will enhance an
organization's ability to decrease coding defects while simultaneously increasing
security, reliability and maintainability of application programs. Examiners should
evaluate an organization's coding standards and related code review procedures
(IRM 2003).
9.1.2 Library Utilization and Management
Libraries are collections of stored documentation, programs and data. Program
libraries include reusable program routines or modules stored in source or object
code formats. Program libraries allow programmers to access frequently used
routines and add them to programs without having to rewrite the code. Dynamic
link libraries include executable code programs that can automatically run as part of
larger applications. Library controls should include:
Automated Password Controls: Management should establish logical access
controls for all libraries or objects within libraries. Establishing controls on individual
objects within libraries can create security administration burdens. However,
if similar objects (executable and non-executable routines, test and production data,
etc.) are grouped into separate libraries, access can be granted at library levels.
Automated Library Applications: When feasible, management should implement
automated library programs, which are available from equipment manufacturers
and software vendors. The programs can restrict access at library or object
levels and produce reports that identify who accessed a library and what, if any,
changes were made.
9.1.3 Version Controls
Library controls facilitate software version controls. Version controls provide a
means to systematically retain chronological copies of revised programs and
program documentation. Implementation version control systems are sometimes
referred to as concurrent version systems. Such systems assist organizations in
tracking different versions of source code during implementation. The systems do
not simply identify and store multiple versions of source code files. They maintain
one file and identify and store only changed code. When a user requests a particular
version, the system recreates that version. Concurrent version systems
facilitate the quick identification of programming errors. For example, if programmers
install a revised program on a test server and discover programming
errors, they only have to review the changed code to identify the error.
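
The storage scheme described above, as an added example that is not part of the original text: one full base file, later revisions kept as changed lines only, any revision recreated on request, and the changed lines listed for review. The `DeltaStore` class and the sample `transfer` program are hypothetical and constructed for illustration.

```python
import difflib

class DeltaStore:
    """Keeps revision 0 in full; every later revision is stored as changed lines only."""

    def __init__(self, base_text):
        self.base = base_text.splitlines()
        self.deltas = []  # deltas[n-1] turns revision n-1 into revision n

    def commit(self, new_text):
        old, new = self.checkout(len(self.deltas)), new_text.splitlines()
        ops = difflib.SequenceMatcher(a=old, b=new, autojunk=False).get_opcodes()
        # Store (start, end, replacement lines) for changed regions; skip equal runs.
        self.deltas.append([(i1, i2, new[j1:j2])
                            for tag, i1, i2, j1, j2 in ops if tag != "equal"])
        return len(self.deltas)  # new revision number

    def checkout(self, revision):
        """Recreate a revision by replaying deltas on top of the base file."""
        if not 0 <= revision <= len(self.deltas):
            raise ValueError(f"no such revision: {revision}")
        lines = list(self.base)
        for delta in self.deltas[:revision]:
            for i1, i2, repl in reversed(delta):  # back to front keeps indices valid
                lines[i1:i2] = repl
        return lines

    def changed(self, revision):
        """(removed lines, added lines) per changed region: the code a reviewer reads."""
        old = self.checkout(revision - 1)
        return [(old[i1:i2], repl) for i1, i2, repl in self.deltas[revision - 1]]

# Constructed sample program, not from the source text.
V0 = """def transfer(acct, amount):
    check_limit(acct, amount)
    debit(acct, amount)
    log(acct, amount)
"""
V1 = """def transfer(acct, amount):
    debit(acct, amount)
    log(acct, amount)
    notify(acct)
"""

store = DeltaStore(V0)
store.commit(V1)

if __name__ == "__main__":
    for removed, added in store.changed(1):
        print("removed:", removed, "added:", added)
```

In the sample, the review of revision 1 surfaces the dropped `check_limit` call without rereading the unchanged lines.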