CCSP Question #206: Real Exam Question with Answer & Explanation
The correct answer is B: Open source review. To identify programming errors and improve code quality in a development firm, a review of open-source components can reveal known issues and vulnerabilities.
Question
You are the security manager for a software development firm. Your company is interested in using a managed cloud service provider for hosting its testing environment. Previous releases have shipped with major flaws that were not detected in the testing phase; leadership wants to avoid repeating that problem. What tool/technique/technology might you suggest to aid in identifying programming errors?
Options
- A. Vulnerability scans
- B. Open source review
- C. SOC audits
- D. Regulatory review
Explanation
To identify programming errors and improve code quality in a development firm, a review of open-source components can reveal known issues and vulnerabilities.
Common mistakes:
- A. Vulnerability scans primarily identify known security weaknesses in applications or systems, not necessarily general programming errors or logic flaws.
- C. SOC audits (Service Organization Control audits) assess an organization's internal controls related to security, availability, processing integrity, confidentiality, and privacy, but they don't directly identify programming errors in source code.
- D. Regulatory review assesses compliance with laws and regulations, which does not directly involve identifying programming errors in software.
Concept tested. Software development security, static/dynamic code analysis, open-source security
Reference. https://learn.microsoft.com/en-us/azure/security/develop/secure-dev-overview