After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer had access.
Which of the following is the BEST way to ensure the security of the code following the incident?
A. Hire an external red team to conduct black box testing
B. Conduct a peer review and cross-reference the SRTM
C. Perform white-box testing on all impacted finished products
D. Perform regression testing and search for suspicious code
In this scenario the threat is an insider who had write access to the code and a motive to harm the company. The concern is not that the software has ordinary defects, but that the departed developer may have deliberately planted something: a hard-coded credential, a logic bomb, an obfuscated call-out, or a bypass that only triggers on a specific input. The BEST way to ensure the security of the code following the incident is therefore to examine the code itself, with full access to the source, across every product the developer touched, rather than to test it from the outside or only check that it still behaves as before.
Option A: Hiring an external red team to conduct black box testing is not the best option. Black box testing exercises the software from an attacker's perspective without access to the source code. That is useful for finding exposed weaknesses, but a backdoor that only activates on a secret username, a date, or a specific request is unlikely to be hit by external probing, so the test can come back clean while the malicious code remains.
Option B: Conducting a peer review and cross-referencing the SRTM (Security Requirements Traceability Matrix) is a reasonable option, since a second set of eyes on the code can spot additions that do not belong. However, the SRTM traces documented security requirements to the code that implements them; a backdoor is not a requirement, so the matrix gives no handle on code that should never have been there. A peer review alone is also easy to defeat with obfuscation, encoded strings, or a change buried in a large commit.
Option C: Performing white-box testing on all impacted finished products is the strongest option. White-box testing is testing with full knowledge of the internals: source code review, static analysis, and tests written from the code's structure rather than from its external behavior. It is the only approach here that can find hidden logic that never shows up in normal use, and the phrase "all impacted finished products" scopes the effort to everything the developer could have modified, not just the component they were last working on. This both surfaces any vulnerabilities or backdoors the developer may have introduced and confirms the code meets the company's security requirements.
Option D: Performing regression testing and searching for suspicious code is a partial answer. Regression testing confirms that existing functionality still behaves as before, so it catches breakage, but a backdoor that adds behavior without changing existing behavior passes every regression test. Searching for suspicious code is really a subset of white-box review, and without the structured, full-source coverage that white-box testing implies, obfuscated or encoded additions are easily missed.
Therefore, the BEST option to ensure the security of the code following the incident is Option C: Perform white-box testing on all impacted finished products. It gives the reviewers full access to the source, covers every product the developer could have touched, and is the only option that can reliably find deliberately hidden vulnerabilities or backdoors rather than just ordinary defects. In practice this review runs alongside the basic incident steps the question takes for granted: revoking the developer's credentials and repository access, rotating any keys or secrets they could have seen, and using the version control history to identify which products are "impacted" and which commits deserve the closest attention.
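As an added example of what the white-box review in Option C (and the "search for suspicious code" in Option D) looks like in practice, the script below scans source text for common backdoor indicators: hard-coded credential comparisons, dynamic code execution, shell invocation, and long base64 literals, which it decodes and re-scans so that an obfuscated call-out to a hard-coded IP is still flagged. This is illustrative code written for this page, not a tool from the original question or any vendor; the rule set, the `Finding` type, and the three sample source files are constructed assumptions, and a real review would treat these heuristics as a starting point for manual inspection, not as a verdict.

```python
"""Added example: a small indicator scan to support a white-box code review
after an insider incident. Heuristic rules and sample files are constructed
for illustration; they are not the page's own tooling."""
import base64
import re
from dataclasses import dataclass


@dataclass
class Finding:
    file: str
    line: int
    rule: str
    text: str


# Heuristic indicators of planted code (assumed rule set, tune per code base).
RULES = [
    ("hardcoded-secret-compare",
     re.compile(r'(password|passwd|token|secret|api_key)\s*==\s*["\'][^"\']+["\']', re.I)),
    ("dynamic-exec", re.compile(r'\b(eval|exec)\s*\(')),
    ("base64-decode", re.compile(r'b64decode\s*\(')),
    ("subprocess-shell", re.compile(r'subprocess\.\w+\([^)]*shell\s*=\s*True')),
    ("hardcoded-ip", re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')),
]

# A quoted literal made only of base64 characters and at least 24 long.
B64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{24,}={0,2})["\']')


def decode_b64_literals(line):
    """Return the printable-ASCII decodings of long base64 literals on a line.
    Literals that are not valid base64, or decode to binary, are ignored."""
    decoded = []
    for match in B64_LITERAL.finditer(line):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            text = raw.decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            decoded.append(text)
    return decoded


def scan_source(path, text):
    """Scan one file's text; comment-only lines are skipped to reduce noise."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        for rule, regex in RULES:
            if regex.search(line):
                findings.append(Finding(path, number, rule, stripped))
        # Obfuscation-aware pass: decode base64 literals and re-apply the rules
        # to the decoded text, so a hidden IP or command still gets flagged.
        for plain in decode_b64_literals(line):
            findings.append(Finding(path, number, "base64-literal", plain))
            for rule, regex in RULES:
                if regex.search(plain):
                    findings.append(Finding(path, number, "decoded:" + rule, plain))
    return findings


def scan_sources(files):
    """Scan a mapping of {path: source text} and return all findings."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_source(path, text))
    return findings


# Constructed sample files standing in for the impacted products.
# auth.py carries a hard-coded maintenance bypass; report.py hides a shell
# command in base64; util.py is clean.
SAMPLE_FILES = {
    "auth.py": '''\
import hashlib

def check_login(user, password, db):
    # maintenance bypass added in the developer's last week
    if user == "svc_maint" and password == "l3tm31n!":
        return True
    record = db.get(user)
    return record is not None and hashlib.sha256(password.encode()).hexdigest() == record
''',
    "report.py": '''\
import base64
import subprocess

def build_report(rows):
    cmd = base64.b64decode("Y3VybCBodHRwOi8vMTAuMC4wLjUvcyB8IHNo").decode()
    subprocess.run(cmd, shell=True)
    return ", ".join(rows)
''',
    "util.py": '''\
def clamp(x, lo, hi):
    return max(lo, min(x, hi))
''',
}


if __name__ == "__main__":
    for finding in scan_sources(SAMPLE_FILES):
        print(f"{finding.file}:{finding.line} [{finding.rule}] {finding.text}")
```

Run against the constructed samples, the scan reports the credential comparison in auth.py, the base64 decode and shell execution in report.py, and, from the decoded literal, the hard-coded 10.0.0.5 call-out that never appears in the raw source; util.py produces nothing. The decoded-literal pass is the part a plain grep for "suspicious code" misses, which is why the structured, source-level review of Option C is preferred over ad hoc searching.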