Security As A Distributed Platforms SCM Change Control Mechanism

[article]

of OS security acting as change control mechanism is in the identification and resolution of defects in QA testing. Development code is first handed off for install into the test environment. The QA tester may then notify a developer of a defect identified in testing. The developer, with an understanding of the issue and an eye for a possible resolution, applies a fix to the testing environment in-situ. The reasoning is that this is a very efficient way to test the defect resolution since a nice test environment is already set up. This may involve compiling an executable in a development area with source code in the development environment and transferring the executable to the test environment.

The problem is now that it is too easy to make changes to the test environment, and those changes are not made in a controlled manner. The test environment effectively becomes a development environment too, and with only a few corrections made, the integrity of both the development and testing configurations come into question. This disrupts what is a normally a linear process of develop-and-then-test creating something more murky. It happens that the code is then released directly to production from the QA test environment, and no one can remember what changes were made where after the next round of Unreal Tournament.

By limiting access to the test environment to the testers, much greater accountability is placed on the testers for the integrity of that environment. Greater segregation and clarity of the activities in the test environment is achieved and the tester won’t have to point a finger at the developer as being responsible for supposedly “fixing” the defect that led to a successful QA test but failed in production. The testers are equally responsible. This tighter access requires a robust turnover mechanism so that the handoff of changes from development to QA is repeatable and efficient. This is where we look for CCM tools to provide the functionality.

Other Things to SecureUnlike the mainframe, few distributed platforms CCM tools attempt to manage application runtime environments. This very important area is the machine and location on the machine where the application actually executes. To implement effective SCM, you must resort to the design and implementation of OS-level security measures in addition to mastering one or more software tools designed for SCM functions.Aside from preventing malicious changes or disruptions to the application, OS-level security measures can act as a change control mechanism, limiting access to those who with the appropriate role to change them. This in turn has two consequences: greater segregation and clarity of roles and responsibilities, and reduction of change volume.The benefits of locking down the production runtime environment to a limited few charged with production control responsibilities has long been known. On the distributed platforms you have little choice but to employ OS level security, including managing the passwords to the machines themselves. This concept should also be extended to critical QA test environments.A classic example of the utility of OS security acting as change control mechanism is in the identification and resolution of defects in QA testing. Development code is first handed off for install into the test environment. The QA tester may then notify a developer of a defect identified in testing. The developer, with an understanding of the issue and an eye for a possible resolution, applies a fix to the testing environment in-situ. The reasoning is that this is a very efficient way to test the defect resolution since a nice test environment is already set up. This may involve compiling an executable in a development area

About the author

TechWell Contributor's picture TechWell Contributor

The opinions and positions expressed within these guest posts are those of the author alone and do not represent those of the TechWell Community Sites. Guest authors represent that they have the right to distribute this content and that such content is not violating the legal rights of others. If you would like to contribute content to a TechWell Community Site, email editors@techwell.com.

AgileConnection is one of the growing communities of the TechWell network.

Featuring fresh, insightful stories, TechWell.com is the place to go for what is happening in software development and delivery.  Join the conversation now!

Upcoming Events

Sep 24
Oct 12
Oct 15
Nov 09