SLI Compliance®

Source Code Review

In terms of security and compliance, source code is critical for your business. With our proven source code review methods, you get innovative, highly reliable, custom solutions that give you the critical knowledge you need. Knowledge that helps house, professional source code review engineers with sophisticated skill sets and extensive experience across a range of industries, including financial services, transportation, telecommunications, aerospace, healthcare, voting systems and e-commerce.

We provide a step-by-step inspection as well as automated analysis of software to locate errors or unexpected conditions. Our review covers conformance to standards, modularity, commenting and maintainability.

We also perform security analysis of the source code using automated tools to identify vulnerabilities and security weaknesses. We combine automated scanning of application source code, using commercial static secure analysis tools, with manual analysis to identify data entry points, perform data flow analysis, trace user-controllable data from entry points, and search the code base for known gaps and software vulnerabilities.

Our process and tools make it possible for us to evaluate every aspect of your code (composition, organization, labeling) against industry-acknowledged code development standards and identify errors that could compromise security. By making sure your code is intelligible, stable and maintainable, SLI Compliance℠ helps you keep your systems—and your business—secure and compliant.

Proven Results

One of SLI’s clients expressed concern about why their custom software vendor was expending excessive effort to make simple software changes. Our examination of the system’s source code revealed that the software had been written with inconsistent and ambiguously defined values, in violation of basic programming concepts. Remediation is currently underway and the client is receiving a better product.

Source Code Review Benefits:

  • Identifies errors and inconsistencies that could lead to security failures
  • Allows for discovery and correction in the development phase instead of after release
  • Produces more intelligible, stable and maintainable code
  • Standardizes code, which results in shorter learning curves and maintenance cycles
  • Improves application security
  • Increases logic and consistency in naming

The Process

Source Code Process