CISSP · Question #980
Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
The correct answer is B. security subject matter expert (SME). A security subject matter expert (SME) should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC). A security SME has the knowledge and experience to identify and mitigate potential security risks and vulnerabilities in
Question
Who should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC)?
Options
- AThe business owner
- Bsecurity subject matter expert (SME)
- CThe application owner
- DA developer subject matter expert (SME)
How the community answered
(33 responses)- B94% (31)
- C3% (1)
- D3% (1)
Explanation
A security subject matter expert (SME) should perform the design review to uncover security design flaws as part of the Software Development Life Cycle (SDLC). A security SME has the knowledge and experience to identify and mitigate potential security risks and vulnerabilities in the design phase, before they become costly and difficult to fix in later stages. The business owner, the application owner, and the developer SME may not have the sufficient security expertise or perspective to conduct a thorough and effective design review.
Topics
Community Discussion
No community discussion yet for this question.