Issue No.01 - January/February (2008 vol.6)
Edward Bonver , Symantec
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.21
Testing (security testing in particular) on internal tools should be incorporated into the QA process. A responsible software company shouldn't produce insecure software, regardless of whether this software is meant for internal use only.
software security, testing, Building Security In
Edward Bonver, "Security Testing of Internal Tools", IEEE Security & Privacy, vol.6, no. 1, pp. 81-83, January/February 2008, doi:10.1109/MSP.2008.21