CISSP Question #612: Real Exam Question with Answer & Explanation

Question

Which of the following is the BEST technique to facilitate secure software development?

Options

• AAdhere to secure coding practices for the software application under development.
• BConduct penetrating testing for the software application under development.
• CDevelop a threat modeling review for the software application under development.
• DPerform a code review process for the software application under development.

Explanation

Secure software development is a process of designing, developing, testing, and maintaining software systems or applications that meet the security requirements and standards of the organization and the stakeholders. The best technique to facilitate secure software development is to adhere to secure coding practices for the software application under development. Secure coding practices are guidelines or principles that help to prevent or mitigate common security vulnerabilities or flaws in the software code, such as buffer overflow, injection, cross-site scripting, or broken authentication. Secure coding practices can help to improve the quality, reliability, and security of the software application, as well as reduce the cost and time of fixing the security issues later. Conducting penetration testing, developing a threat modeling review, or performing a code review process are also good techniques to facilitate secure software development, but they are not as effective or proactive as adhering to secure coding practices.

No community discussion yet for this question.