A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting that code base confidentiality is of upmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important.
Which of the following will provide the MOST thorough testing and satisfy the CEO’s requirements?
A . Use the security assurance team and development team to perform Grey box testing.
B . Sign a NDA with a large consulting firm and use the firm to perform Black box testing.
C . Use the security assurance team and development team to perform Black box testing.
D . Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.
Answer: D
Leave a Reply