CISSP · Question #1468
A Chief Information Security Officer (CISO) is considering various proposals for evaluating security weaknesses and vulnerabilities at the source code level. Which of the following items BEST equips t
The correct answer is A. The Common Weakness Risk Analysis Framework (CWRAF). The Common Weakness Risk Analysis Framework (CWRAF). CWRAF is a framework that helps prioritize the security weaknesses and vulnerabilities in source code based on the operational context and potential impact of the software. CWRAF can also correlate scan findings to Common Weakn
Question
Options
- AThe Common Weakness Risk Analysis Framework (CWRAF)
- BThe Common Vulnerabilities and Exposures (CVE)
- CThe Common Weakness Enumeration (CWE)
- DThe Open Web Application Security Project (OWASP) Top Ten
How the community answered
(41 responses)- A44% (18)
- B29% (12)
- C17% (7)
- D10% (4)
Explanation
The Common Weakness Risk Analysis Framework (CWRAF). CWRAF is a framework that helps prioritize the security weaknesses and vulnerabilities in source code based on the operational context and potential impact of the software. CWRAF can also correlate scan findings to Common Weakness Enumeration (CWE) and Security Technical Implementation Guides (STIGs) to provide a comprehensive report of the security risks. The other items, such as CVE, CWE, and OWASP Top Ten, are useful sources of information about common vulnerabilities and exposures, but they do not provide a tailored analysis of the source code based on the specific operational environment and requirements.
Topics
Community Discussion
No community discussion yet for this question.