nerdexam
(ISC)2

CISSP · Question #1180

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

The correct answer is D. Design. Software vulnerability remediation is the process of identifying and fixing the weaknesses or flaws in a software application or system that could be exploited by attackers. Software vulnerability remediation is most likely to cost the least to implement at the design stage of th

Submitted by neha2k· Mar 5, 2026Software Development Security

Question

At what stage of the Software Development Life Cycle (SDLC) does software vulnerability remediation MOST likely cost the least to implement?

Options

  • ADevelopment
  • BTesting
  • CDeployme
  • DDesign

How the community answered

(63 responses)
  • A
    2% (1)
  • B
    2% (1)
  • C
    3% (2)
  • D
    94% (59)

Explanation

Software vulnerability remediation is the process of identifying and fixing the weaknesses or flaws in a software application or system that could be exploited by attackers. Software vulnerability remediation is most likely to cost the least to implement at the design stage of the Software Development Life Cycle (SDLC), which is the phase where the requirements and specifications of the software are defined and the architecture and components of the software are designed. At this stage, the software developers can apply security principles and best practices, such as secure by design, secure by default, and secure coding, to prevent or minimize the introduction of vulnerabilities in the software. Remediation at the design stage is also easier and cheaper than at later stages, such as development, testing, or deployment, because it does not require modifying or rewriting the existing code, which could introduce new errors or affect the functionality or performance of the software.

Topics

#SDLC#vulnerability remediation#secure design#cost analysis

Community Discussion

No community discussion yet for this question.

Full CISSP Practice