The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?
A.
Ask the development team to reevaluate the current program and have a toolset developed securely within the organization.
B.
Request a copy of the most recent System and Organization Controls (SOC) report and/or most recent security audit reports and any vulnerability scans of the software code from the vendor.
C.
Purchase the software, deploy it in a test environment, and perform Dynamic Application Security Testing (DAST) on the software.
D.
Request a software demo with permission to have a third-party penetration test completed on it.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit