Question: . A security engineer was auditing an organization s current software development practice and discovered that multiple open - source libraries were Integrated into the

.A security engineer was auditing an organizations current software development practice and discovered that multiple open-source libraries were Integrated into the organizations software. The organization currently performs SAST and DAST on the software it develops. Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries? A. Perform additional SAST/DAST on the open-source libraries. B. Implement the SDLC security guidelines. C. Track the library versions and monitor the CVE website for related vulnerabilities. D. Perform unit testing of the open-source libraries Is it B or C? Please explain

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

Q:

Please help me make an Executive Summary. Explain what you will examine in the case study. Write an overview of the field you are researching. Make a thesis statement and sum up the results of your...

Q:

For the exclusive use of F. Ortolano, 2015. 9-910-036 REV: APRIL 11, 2011 BENJAMIN EDELMAN THOMAS R. EISENMANN Go oogle In nc. Go oogle's mission is to organize the world's inf n nformation and make...

Q:

For the exclusive use of S. Setiawan, 2015. 9-910-036 REV: APRIL 11, 2011 BENJAMIN EDELMAN THOMAS R. EISENMANN Go oogle In nc. Go oogle's mission is to organize the world's inf n nformation and make...

Q:

CHA P TER 9 Understanding Software: A Primer for Managers 1. INTRODUCTION L E A R N I N G O B J E C T I V E S 1. Recognize the importance of software and its implications for the rm and strategic...

Q:

ITM 309: Business Information Technology and Systems Spring 2016 Watson and the new era of cognitive systems Jerry Haan IBM Cloud Ecosystem Development January 27, 2016 2013 International Business...

Q:

Information Security Risk Management ITC6315 Assignment 2 Assignment For this exercise, read the provided case study about AcmeHealth, and rate the risk exposure for each finding related to the...

Q:

SYIT: CHANGING THE CORPORATE CULTURE Maria Khan, Khurram Rehman Aivi, and Zunaira Saqib wrote this case solely to provide material for class discussion. The authors do not intend to illustrate either...

Q:

. What are the advantages and disadvantages of Rosetta Stone going public? 2. What do you think the current value of a share of Rosetta Stone is (at the time of the case)? Justify your valuation on a...

Q:

1. What are the advantages and disadvantages of Rosetta Stone going public? 2. What do you think the current value of a share of Rosetta Stone is (at the time of the case)? Justify your valuation on...

Q:

Googles ease of use and superior search results have propelled the search engine to its num- ber one status, ousting the early dominance of competitors such as WebCrawler and Infos- eek. Even later...

Q:

Kallie Jungemann, owner of Flowers 4 You, operates a local chain of fioral shops. Each shop has its own delivery van. Instead of charging a flat delivery fee, Jungemann wants to set the delivery fee...

Q:

women's clothing. During the year, the company incurred the following costs: Factory rent Direct labor Utilities-factory Purchases of direct materials Indirect materials Indirect labor $380,00 0...

Q:

0 . 2 5 points Time Remaining 1 hour 5 8 minutes 4 1 seconds 0 1 : 5 8 : 4 1 eBook Print References Check my workCheck My Work button is now disabled Item 4 Time Remaining 1 hour 5 8 minutes 4 1...

Q:

Problem 2 The TaeOh Mfg. Co. operates two consecutive producing departments, A & B. The following quantity data are on Department A's production in December: In process, December 1 Placed in process...