cross-posted from: https://lemmy.pe1uca.dev/post/1137911

I need to help auditing a project from another team.
I got the pointers on what’s expected to be checked, but I don’t have like templates for documents for what’s expected from an audit report which also means I’m not sure what’s the usual process to conduct an internal audit.
I mean I might as well read the whole repo, but maybe that’s too much?

Any help or pointers on what I need to investigate to get started would be great!

  • MajorHavoc@programming.dev
    link
    fedilink
    arrow-up
    8
    ·
    8 months ago

    I got the pointers on what’s expected to be checked…

    If it’s really an audit, it should come with specific questions that you need to provide answers to (or at least the best evidence you can find.)

    If someone is both calling this an audit, and using light terms like “pointers”, you’re maybe being framed for a crime that’s happening, or something. Probably not that extreme, but they don’t sound like an ally.

    I mean I might as well read the whole repo, but maybe that’s too much?

    You can stop reading when you find the answers to the requested questions. On the first one you do you’ll read everything more than once. On future audits you’ll know where to look and it’ll go much quicker.

    • madkarlsson@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      You can stop reading when you find the answers to the requested questions.

      Eh no not necessarily. This depends on the type of audit and the questions specifically, but should never be a default stance if you want to provide a full report. Moreover, if you are learning to do software audits, it would be beneficial to check everything because experience is key to know what you are looking for