solve issues #69 #70 #71 #72 #73 #75
mariojmdavid committed Dec 9, 2021
1 parent 50f61b5 commit fe00546
Showing 1 changed file with 14 additions and 14 deletions.
28 changes: 14 additions & 14 deletions content/06.quality_criteria.md
Expand Up @@ -220,32 +220,29 @@ software being developed first and test cases created later.
* Public API documentation.
* Command Line Interface (CLI) reference.

* **[QC.Doc07]** Documentation **MUST** be checked on change basis.

## 4.9. Security [QC.Sec]

Security assessment is essential for any production **Software**. An effective implementation of the
security requirements applies to every stage in the software development life cycle (SDLC),
security requirements applies to every stage in the Software Development Life Cycle (SDLC),
especially effective at the source code level.

* **[QC.Sec01]** Secure coding practices ****MUST**** be applied into all the stages of a software
* **[QC.Sec01]** Secure coding practices **MUST** be applied into all the stages of a software
component development lifecycle.

* **[QC.Sec01.1]** Compliance with Open Web Application Security Project (OWASP) secure coding
guidelines
[@https://owasp.org/www-project-secure-coding-practices-quick-reference-guide/migrated_content]
is **RECOMMENDED**, even for non-web applications.

* **[QC.Sec02]** Source code ****MUST**** use automated linter tools to perform static application
* **[QC.Sec02]** Source code **MUST** use automated linter tools to perform static application
security testing (SAST) [@https://owasp.org/www-community/Source_Code_Analysis_Tools] that flag
common suspicious constructs that may cause a bug or lead to a security risk (e.g. inconsistent
data structure sizes or unused resources).

* **[QC.Sec03]** Security code reviews
[@https://owasp.org/www-project-code-review-guide/migrated_content]
for certain vulnerabilities **SHOULD** be done as part of the identification of potential security
flaws in the code. Inputs **SHOULD** come from automated linters and manual penetration testing
results.
flaws in the code. Inputs **SHOULD** come from automated linters.

* **[QC.Sec04]** World-writable files or directories **MUST NOT** be present in the product’s
configuration or logging locations.
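Review bot: the rewording of QC.Sec03 silently narrows the inputs to security code reviews, dropping "and manual penetration testing results" so that only automated linters remain, and neither the hunk nor the commit message ("solve issues #69 #70 #71 #72 #73 #75") records why. If the intent is to stop mandating penetration testing, consider keeping manual findings as an optional input, e.g. "Inputs **SHOULD** come from automated linters and, where available, from manual security testing.", since linter output alone misses logic and design flaws that a review is meant to catch. Two smaller points while this region is being touched: "applied into all the stages" in QC.Sec01 should read "applied in all the stages", and "Security code reviews ... for certain vulnerabilities" would be clearer if it named which classes are meant or pointed to the referenced OWASP guide for the list.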
Expand Down Expand Up @@ -293,7 +290,7 @@ A change-based approach is accomplished with a branching model.
operational performance of the software.

* **[QC.Man01.2]** The description of an issue **SHOULD** be concise and state clearly the
problem. It is RECOMMENDED to add any reference to the actual problem. In the case of bugs, the
problem. It is **RECOMMENDED** to add any reference to the actual problem. In the case of bugs, the
issue **SHOULD** be accompanied by the relevant debug information.
* The usage of templates for the issue description is **RECOMMENDED**.

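Review bot: bolding RECOMMENDED in QC.Man01.2 brings it in line with the **MUST**/**SHOULD** keyword style used elsewhere, but the same unbolded "RECOMMENDED" survives in the QC.Rev01 context further down ("with the following RECOMMENDED functionality") and should get the same treatment in this commit so the keyword formatting is consistent across the file. The sentence "It is **RECOMMENDED** to add any reference to the actual problem." is also vague about what a reference is; "any link or identifier that points to the observed problem (log excerpt, failing job, related issue)" would be more actionable.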
Expand All @@ -319,10 +316,10 @@ A change-based approach is accomplished with a branching model.

## 4.13. Code Review [QC.Rev]

Code review implies the informal, non-automated, peer, human-based revision of any change in the
source code [@https://owasp.org/www-project-code-review-guide/migrated_content]. It appears as the
last step in the change management pipeline, once the candidate change has successfully passed over
the required set of change-based tests.
Code review implies the informal, non-automated, peer review of any change in the source code
[@https://owasp.org/www-project-code-review-guide/migrated_content]. It appears as the last step in
the change management pipeline, once the candidate change has successfully passed over the required
set of change-based tests.

* **[QC.Rev01]** Code reviews **MUST** be done in the agreed peer review tool within the project,
with the following RECOMMENDED functionality:
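Review bot: the phrase "passed over the required set of change-based tests", kept in the rewritten QC.Rev paragraph, reads as though the change skipped the tests; "has successfully passed the required set of change-based tests" says what is meant. The replacement of "human-based revision" with "peer review" is an improvement, though "informal, non-automated" now sits oddly next to QC.Rev01's MUST that reviews happen in an agreed tool; "manual" instead of "informal" would avoid suggesting the review itself is optional. The unbolded "RECOMMENDED" in the QC.Rev01 context line should also be bolded for consistency with the rest of the file.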
Expand Down Expand Up @@ -369,8 +366,11 @@ the required set of change-based tests.
Automated delivery comprises the build of Software into an artifact, its upload/registration into a
public repository of such artifacts and notification of the success of the process.

* **[QC.Del01]** Production-ready code **MUST** be built as an artifact that can be executed on a
system.
* **[QC.Del01]** Production-ready code **MUST** be built as an artifact that can be efficiently
executed on a system.

* **[QC.Del01.1]** The built artifact **SHOULD** be as minimal as possible, including no more than
the precise runtime environment and dependencies required for the execution of the software.

* **[QC.Del02]** The builded artifact **MUST** be uploaded and registered into a public repository
of such artifacts.
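Review bot: adding "efficiently" to the MUST in QC.Del01 makes the requirement unverifiable, since the hunk gives no criterion for what counts as efficient execution; either drop the word or move it into a SHOULD with a measurable target. The new QC.Del01.1 is a welcome addition (a minimal artifact carries fewer packages to patch and less attack surface), but "as minimal as possible" has the same testability problem; "MUST NOT include build-time tooling, test dependencies or credentials, and SHOULD include only the runtime and dependencies needed for execution" would give reviewers something to check. The unchanged context line "The builded artifact" in QC.Del02 should also be corrected to "The built artifact" while this section is being edited.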
