CISSP · Question #214
What is one way to mitigate the risk of security flaws in custom software?
The correct answer is B. Include security assurance clauses in the Service Level Agreement (SLA). One way to mitigate the risk of security flaws in custom software is to include security assurance clauses in the Service Level Agreement (SLA) between the customer and the software developer. The SLA is a contract that defines the expectations and obligations of both parties, su
Question
What is one way to mitigate the risk of security flaws in custom software?
Options
- AInclude security language in the Earned Value Management (EVM) contract
- BInclude security assurance clauses in the Service Level Agreement (SLA)
- CPurchase only Commercial Off-The-Shelf (COTS) products
- DPurchase only software with no open source Application Programming Interfaces (APIs)
How the community answered
(36 responses)- A3% (1)
- B81% (29)
- C6% (2)
- D11% (4)
Explanation
One way to mitigate the risk of security flaws in custom software is to include security assurance clauses in the Service Level Agreement (SLA) between the customer and the software developer. The SLA is a contract that defines the expectations and obligations of both parties, such as the scope, quality, performance, and security of the software. By including security assurance clauses, the customer can specify the security requirements and standards that the software must meet, and the developer can agree to provide evidence of compliance and remediation of
Topics
Community Discussion
No community discussion yet for this question.