A security analyst has been asked to perform a review of an organization’s software development lifecycle. The
analyst reports that the lifecycle does not contain a phase in which team members evaluate and provide critical
feedback of another developer’s code. Which of the following assessment techniques is BEST described in the
analyst’s report?
A.
Architecture evaluation
B.
Baseline reporting
C.
Whitebox testing
D.
Peer review