A security analyst has been asked to perform a review of an organization’s software development
lifecycle. The analyst reports that the lifecycle does not contain a phase in which team members
evaluate and provide critical feedback of another developer’s code. Which of the following
assessment techniques is BEST described in the analyst’s report?
A.
Architecture evaluation
B.
Baseline reporting
C.
Whitebox testing
D.
Peer review