💼 6.2.3 Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities.

• Contextual name: 💼 6.2.3 Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities.

• ID: /frameworks/pci-dss-v4.0/06/02/03

• Located in: 💼 6.2 Bespoke and custom software are developed securely.

Description

As follows:

• Code reviews ensure code is developed according to secure coding guidelines.
• Code reviews look for both existing and emerging software vulnerabilities.
• Appropriate corrections are implemented prior to release.

Similar

• Sections
  • /frameworks/pci-dss-v3.2.1/06/03/02
  • /frameworks/pci-dss-v4.0.1/06/02/03

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 6.3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability.
💼 PCI DSS v4.0.1 → 💼 6.2.3 Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities.	1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 PCI DSS v3.2.1 → 💼 6.3.2 Review custom code prior to release to production or customers in order to identify any potential coding vulnerability.
💼 PCI DSS v4.0.1 → 💼 6.2.3 Bespoke and custom software is reviewed prior to being released into production or to customers, to identify and correct potential coding vulnerabilities.	1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 6.2.3.1 If manual code reviews are performed for bespoke and custom software prior to release to production, code changes are reviewed by individuals other than the originating code author, and who are knowledgeable about code-review techniques and secure coding practices reviewed and approved by management prior to release.