These are generally called "application compliance" or "application quality assurance" tools; I work for a Fortune 500 company and we use the term application quality assurance tools. In our case we have off-the-shelf tools that manage application changes through a "code checkout" process (developers must log when code is being edited or is in use, and then denote when the work is finished) that is followed by a scan of the application changes that have been "checked in" for security and quality compliance.
There are actually many off-the-shelf products that do this type of quality control. CA Inc., EMC Corp., IBM, Oracle Corp. and others have some form of application change control and/or monitoring software. But keep in mind, this software can come in two forms -- real-time or periodic audit discovery -- and you have to decide if your enterprise needs one or both functions. Real-time systems manage and control developer access and changes (similar to the off-the-shelf tools I described above), and then there are audit-discovery tools that periodically go out into the infrastructure, detect changes on applications and systems, and generate reports on any changes detected, usually in audit report format. The change-control tools are mature, but the audit-discovery tools are still fairly new, and their capabilities vary as to how well they can capture change information, especially in a complex, large and diversified environment like those found in many Fortune 500 companies.
This was first published in January 2010