A typical software development process starts with defining the functionality a software app is expected to provide. In some cases, a new app is developed to provide the desired functionality and in other cases an existing app is revised/updated to provide the defined functionality. Certain performance parameters such as expected execution time, memory footprint, whether the app can be executed in parallel on two or more nodes, etc., may also be specified. Thereafter, one or more programmers/developers develop the code for the software app. Such code development can include writing new code; repurposing or modifying existing code; and obtaining and using third-party code such as open source code, code developed by one or more contractors, and third-party libraries and/or executables. Code, in general, can include source code that can be compiled or interpreted, and scripts.
Typically, when the development of a particular code module or a set of code modules is completed, the module(s) are tested to determine whether the module(s) provide the functionality intended to be provided by those module(s). Such testing may also include testing whether the module(s) meet one or more performance goals for the module(s). In addition, the module(s) may be tested for compliance, such as compliance with the organization's coding practices, requirements imposed by other module(s) and/or software application(s) with which the module(s) under test and/or the app under development are expected to interact, etc. The module(s) may also be tested for security vulnerabilities, e.g., to detect whether the implementation would permit unauthorized access to the module code, other parts of the software app, data processed by the software app, etc. One or more modules may be modified based on the results of the testing and, after the modification, may be retested, as discussed above.
Generally, when the development of all or several modules is completed, or at least reaches a stage at which at least a subset of modules of the software app can be integrated together, such integration is performed to obtain an at least partially functional software app. The integrated software app may then be tested as described above, e.g., to ensure functionality, performance, compliance, and/or lack of unacceptable security vulnerabilities. One or more modules may be modified based on the result of the testing. During the process of developing a software app, the development and testing of individual modules (also called components), the integration of various software modules, and testing of the partially or fully integrated software app may be performed one or more times until the software app is determined to be ready for release/deployment. The steps of integration and testing the partially or fully integrated app are typically performed not by the development engineers but by one or more production engineers (also called release engineers or quality assurance (QA) engineers).
The integrated and tested software app can be released/deployed in several ways, e.g., by shipping CDs/DVDs containing the app to customers, making the app available for downloading via the app owner's website, posting the app to a third-party store, and by hosting the app using the app owner's computing systems/servers and/or using a third party's hosting services, where the solution(s) that can be obtained using the app are made available as services to the clients. In some cases, the clients may host the app in providing services to end users. Alternatively or in addition, a client may redistribute the app, using any of the techniques discussed above, to one or more end users. The redistributed app may be integrated or combined with other software component(s) provided by the client.
Upon receiving a copy of the deployed app, an app user (which can be a client and/or an end user) may scan the app to ensure that it does not contain a computer virus, adware, malware, etc. App users typically do not perform any additional testing (e.g., functionality, performance, and/or vulnerability testing), however. One reason why the additional testing is not performed is that the app users typically do not have access to the test-case suites and/or testing/vulnerability scanning programs required for such testing. A second reason is that the app users generally do not have access to the app source code and may be contractually prohibited from modifying it. Therefore, they cannot take advantage of such testing, e.g., by modifying the code to address any issues identified during the testing.