2 votes
A development team releases updates to an application regularly. The application is compiled with several standard, open-source security products that require a minimum version for compatibility.

During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?

A. The developers should require an exact version of the open-source security products, preventing the introduction of new vulnerabilities.

B. The application development team should move to an Agile development approach to identify security concerns faster.

C. The change logs for the third-party libraries should be reviewed for security patches, which may need to be included in the release.

D. The application should eliminate the use of open-source libraries and products to prevent known vulnerabilities from being included.

1 Answer

6 votes

Final answer:

To minimize application vulnerabilities, the development team should review the change logs for third-party libraries used in the application to include any security patches or updates. This helps ensure the application is using the latest versions of open-source security products and reduces the risk of known vulnerabilities.

Step-by-step explanation:

To minimize possible application vulnerabilities during the security review portion of the development cycle, it is advisable to review the change logs for the third-party libraries being used. These change logs can provide information about security patches or updates that may need to be included in the release. This helps to ensure that the application is using the latest versions of the open-source security products and reduces the risk of known vulnerabilities.

For example, if a security patch is released for a particular open-source security product to fix a vulnerability, including that patch in the application's update can ensure that the vulnerability is addressed. By keeping the open-source security products up-to-date, the development team can minimize the risk of potential vulnerabilities.

Therefore, option C, reviewing the change logs for security patches that may need to be included in the release, is the best approach to minimizing application vulnerabilities.

by User Tnunamak (8.2k points)
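The change-log review described in the answer above can be partly automated. The following is an added example, not part of the original answer: it assumes the library publishes a "Keep a Changelog"-style file, and the changelog text, version numbers and function names are all constructed for illustration.

```python
import re

# Constructed sample changelog in "Keep a Changelog" layout (an assumption;
# real projects vary). The library and every entry here are hypothetical.
SAMPLE_CHANGELOG = """\
## [2.3.1] - 2024-05-02
### Security
- Reject certificates with an empty subject (placeholder advisory ID)
## [2.3.0] - 2024-04-10
### Added
- New configuration option for log rotation
## [2.2.5] - 2024-03-18
### Fixed
- Fix buffer overflow vulnerability in header parser
"""

HEADING = re.compile(r"^## \[(\d+(?:\.\d+)*)\]")
SECURITY_HINT = re.compile(r"security|vulnerab|CVE-\d{4}-\d+|overflow|injection", re.I)

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def parse_changelog(text):
    """Return {version_tuple: ["[Section] entry", ...]} for each release."""
    releases, current, section = {}, None, ""
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADING.match(line)
        if match:
            current, section = parse_version(match.group(1)), ""
            releases[current] = []
        elif line.startswith("### "):
            section = line[4:]  # e.g. "Security", "Fixed"
        elif current is not None and line.startswith("- "):
            releases[current].append(f"[{section}] {line[2:]}")
    return releases

def security_releases_since(changelog, bundled):
    """Releases newer than the bundled version with security-looking entries."""
    bundled_v = parse_version(bundled)
    findings = []
    for version, entries in sorted(parse_changelog(changelog).items()):
        hits = [entry for entry in entries if SECURITY_HINT.search(entry)]
        if version > bundled_v and hits:
            findings.append((".".join(map(str, version)), hits))
    return findings

if __name__ == "__main__":
    print(security_releases_since(SAMPLE_CHANGELOG, "2.2.4"))
```

A keyword match is only a triage aid for the reviewer: maintainers sometimes describe a security fix without any of these words, so releases the scan does not flag still need a read-through.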