30.6k views
1 vote
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access.

Which of the following is the BEST way to ensure security of the code following the incident?

A. Hire an external red team to conduct black box testing
B. Conduct a peer review and cross reference the SRTM
C. Perform white-box testing on all impacted finished products
D. Perform regression testing and search for suspicious code

1 Answer

4 votes

Final answer:

The most effective method to ensure code security after a developer's departure is to have a peer review of the code cross-referenced with the Software Requirements Traceability Matrix to identify any anomalies or malicious code.

Step-by-step explanation:

The best way to ensure the security of the code following the unpleasant departure of a developer is to conduct a peer review and cross-reference the Software Requirements Traceability Matrix (SRTM).

This method involves having other developers look over the code to check for any inconsistencies, potential backdoors, anomalies, or malicious code that could have been introduced.

The SRTM is a document that maps requirements to their implementation in the code, making it easier to cross-reference and verify that all components are functioning as intended and have not been tampered with.


While hiring an external red team to conduct black box testing and performing white-box testing on all impacted finished products could also identify potential security flaws, they wouldn't necessarily spot something specifically planted by the departing developer.

Regression testing could ensure that new code hasn't broken any existing functionality, but it may not catch subtle, malicious code. Thus, a thorough peer review in conjunction with the SRTM is the most targeted and immediate approach.

by Matthew King, 8.1k points
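As an added illustration of the cross-referencing step the answer describes (not part of the original post), the script below compares a constructed SRTM against constructed source files and reports code no requirement accounts for, plus requirements whose claimed implementation is absent from the code; the file names, requirement IDs and function names are all assumed.

```python
import ast

# Constructed SRTM: requirement ID -> code units claimed to implement it.
SRTM = {
    "REQ-001": ["auth.py::check_password"],
    "REQ-002": ["auth.py::lock_account"],
    "REQ-003": ["billing.py::charge_card", "billing.py::refund"],
}

# Constructed source files, as reviewers would pull them from the repository.
SOURCES = {
    "auth.py": (
        "def check_password(user, pw):\n"
        "    return user.pw_hash == hash_pw(pw)\n"
        "def lock_account(user):\n"
        "    user.locked = True\n"
        "def _debug_login(user, token):\n"
        "    return token == 'letmein'  # no requirement maps here\n"
    ),
    "billing.py": (
        "def charge_card(card, amount):\n"
        "    return gateway.charge(card, amount)\n"
    ),
}

def inventory(sources):
    """Set of 'file::function' units actually present in the code."""
    units = set()
    for path, src in sources.items():
        for node in ast.walk(ast.parse(src)):
            if isinstance(node, ast.FunctionDef):
                units.add(f"{path}::{node.name}")
    return units

def cross_reference(srtm, sources):
    """Return (untraced, missing): code units no requirement accounts for,
    and requirement IDs whose claimed implementation is not in the code."""
    present = inventory(sources)
    traced = {u for units in srtm.values() for u in units}
    untraced = sorted(present - traced)        # peer-review candidates
    missing = sorted(r for r, units in srtm.items()
                     if any(u not in present for u in units))
    return untraced, missing

if __name__ == "__main__":
    untraced, missing = cross_reference(SRTM, SOURCES)
    print("untraced code units:", untraced)
    print("requirements lacking implementation:", missing)
```

Untraced units are where a reviewer starts asking why the code exists; a requirement with no matching implementation may mean the matrix is stale or that something was removed or renamed.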